It is intended to be completely transparent. This means that the user will never run the consolehelper program directly. Instead, programs like /sbin/shutdown are paired with a link from /usr/bin/shutdown to /usr/bin/consolehelper. Then when non-root users (specifically, users without /sbin in their path, or /sbin after /usr/bin) call the "shutdown" program, consolehelper will be invoked to authenticate the action and then invoke /sbin/shutdown. (consolehelper itself has no priviledges; it calls the userhelper(8) program do the real work.)
consolehelper requires that a PAM configuration for every managed program exist. So to make /sbin/foo or /usr/sbin/foo managed, you need to create a link from /usr/bin/foo to /usr/bin/consolehelper and create the file /etc/pam.d/foo, normally using the pam_console(8) PAM module.