diff --git a/.gcp.env b/.gcp.env
index 0218842b..feea70e7 100644
--- a/.gcp.env
+++ b/.gcp.env
@@ -1,4 +1,4 @@
-SENTRIUS_VERSION=1.0.37
+SENTRIUS_VERSION=1.0.44
 SENTRIUS_SSH_VERSION=1.0.4
-SENTRIUS_KEYCLOAK_VERSION=1.0.6
-SENTRIUS_AGENT_VERSION=1.0.16
\ No newline at end of file
+SENTRIUS_KEYCLOAK_VERSION=1.0.7
+SENTRIUS_AGENT_VERSION=1.0.18
\ No newline at end of file
diff --git a/analyagents/pom.xml b/analyagents/pom.xml
index dee6c11c..26ad89b3 100644
--- a/analyagents/pom.xml
+++ b/analyagents/pom.xml
@@ -67,6 +67,11 @@
       <groupId>org.projectlombok</groupId>
       <artifactId>lombok</artifactId>
     </dependency>
+    <dependency>
+      <groupId>net.snowflake</groupId>
+      <artifactId>snowflake-ingest-sdk</artifactId>
+      <version>${snowflake-ingest-version}</version>
+    </dependency>
   </dependencies>
 
   <build>
diff --git a/analyagents/src/main/java/io/sentrius/agent/analysis/agents/sessions/SessionAnalyticsAgent.java b/analyagents/src/main/java/io/sentrius/agent/analysis/agents/sessions/SessionAnalyticsAgent.java
index 96645d8f..14091ed9 100644
--- a/analyagents/src/main/java/io/sentrius/agent/analysis/agents/sessions/SessionAnalyticsAgent.java
+++ b/analyagents/src/main/java/io/sentrius/agent/analysis/agents/sessions/SessionAnalyticsAgent.java
@@ -61,8 +61,9 @@ public void processSessions() {
         List<TerminalSessionMetadata> unprocessedSessions = sessionMetadataService.getSessionsByState("CLOSED").stream()
             .filter(session -> !processedSessionIds.contains(session.getId()))
             .collect(Collectors.toList());
-
+        long count = 0;
         for (TerminalSessionMetadata session : unprocessedSessions) {
+            count++;
             try {
                 processSession(session);
                 // ACTIVE -> INACTIVE -> CLOSED -> PROCESSED
@@ -75,7 +76,7 @@ public void processSessions() {
             sessionMetadataService.saveSession(session);
         }
 
-        log.info("Finished processing sessions");
+        log.info("Finished processing {} sessions ", count);
     }
 /* TODO - Implement this
     @Scheduled(fixedDelay = 60000) // Waits 60 seconds after the previous run completes
diff --git a/analyagents/src/main/java/io/sentrius/agent/analysis/sinks/log/LogSink.java b/analyagents/src/main/java/io/sentrius/agent/analysis/sinks/log/LogSink.java
new file mode 100644
index 00000000..d8ad623f
--- /dev/null
+++ b/analyagents/src/main/java/io/sentrius/agent/analysis/sinks/log/LogSink.java
@@ -0,0 +1,9 @@
+package io.sentrius.agent.analysis.sinks.log;
+
+import java.util.List;
+import io.sentrius.sso.core.model.sessions.TerminalLogs;
+
+public interface LogSink {
+
+    void process(List<TerminalLogs> logs);
+}
diff --git a/api/src/main/java/io/sentrius/sso/config/SecurityConfig.java b/api/src/main/java/io/sentrius/sso/config/SecurityConfig.java
index ba6698ee..77799715 100644
--- a/api/src/main/java/io/sentrius/sso/config/SecurityConfig.java
+++ b/api/src/main/java/io/sentrius/sso/config/SecurityConfig.java
@@ -37,6 +37,7 @@ public class SecurityConfig {
 
     private final CustomUserDetailsService userDetailsService;
     private final CustomAuthenticationSuccessHandler successHandler;
+    private final KeycloakAuthSuccessHandler keycloakAuthSuccessHandler;
     final UserService userService;
 
     @Value("${https.required:false}") // Default is false
@@ -55,6 +56,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
             )
             .oauth2Login(oauth2 -> oauth2
                 .loginPage("/oauth2/authorization/keycloak")
+                .successHandler(keycloakAuthSuccessHandler)
             )
             .cors(Customizer.withDefaults());
 
diff --git a/api/src/main/java/io/sentrius/sso/controllers/CustomErrorHandler.java b/api/src/main/java/io/sentrius/sso/controllers/CustomErrorHandler.java
index 9bc22b8e..514507f9 100644
--- a/api/src/main/java/io/sentrius/sso/controllers/CustomErrorHandler.java
+++ b/api/src/main/java/io/sentrius/sso/controllers/CustomErrorHandler.java
@@ -34,8 +34,8 @@ public static String createErrorHash(StackTraceElement[] trace, String t) {
     @RequestMapping("/error")
     public String handleError(HttpServletRequest request, Model model) {
         // Retrieve error details
-        Integer statusCode = (Integer) request.getAttribute("javax.servlet.error.status_code");
-        Throwable ex = (Throwable) request.getAttribute("javax.servlet.error.exception");
+        Integer statusCode = (Integer) request.getAttribute("jakarta.servlet.error.status_code");
+        Throwable ex = (Throwable) request.getAttribute("jakarta.servlet.error.exception");
 
         // Log error details (optional)
         if (ex != null) {
diff --git a/api/src/main/java/io/sentrius/sso/controllers/api/IntegrationApiController.java b/api/src/main/java/io/sentrius/sso/controllers/api/IntegrationApiController.java
index 83b7167b..904812e3 100644
--- a/api/src/main/java/io/sentrius/sso/controllers/api/IntegrationApiController.java
+++ b/api/src/main/java/io/sentrius/sso/controllers/api/IntegrationApiController.java
@@ -22,8 +22,10 @@
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
 
 @Slf4j
 @Controller
@@ -76,9 +78,10 @@ public ResponseEntity<ExternalIntegrationDTO> addJiraIntegration(HttpServletRequ
     @LimitAccess(applicationAccess = {ApplicationAccessEnum.CAN_MANAGE_APPLICATION})
     public ResponseEntity<ExternalIntegrationDTO> addOpenaiIntegration(HttpServletRequest request,
                                                                   HttpServletResponse response,
-                                                                     ExternalIntegrationDTO integrationDTO)
+                                                                    @RequestBody ExternalIntegrationDTO integrationDTO)
         throws JsonProcessingException {
 
+        log.info("ahh");
 
         var json = JsonUtil.MAPPER.writeValueAsString(integrationDTO);
         IntegrationSecurityToken token = IntegrationSecurityToken.builder()
diff --git a/api/src/main/java/io/sentrius/sso/controllers/api/UserApiController.java b/api/src/main/java/io/sentrius/sso/controllers/api/UserApiController.java
index e0cd31ef..c8eedd3c 100644
--- a/api/src/main/java/io/sentrius/sso/controllers/api/UserApiController.java
+++ b/api/src/main/java/io/sentrius/sso/controllers/api/UserApiController.java
@@ -6,6 +6,7 @@
 import java.util.List;
 import java.util.Map;
 import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.node.BooleanNode;
 import com.fasterxml.jackson.databind.node.IntNode;
 import com.fasterxml.jackson.databind.node.ObjectNode;
@@ -13,6 +14,7 @@
 import io.sentrius.sso.core.annotations.LimitAccess;
 import io.sentrius.sso.core.annotations.Model;
 import io.sentrius.sso.core.controllers.BaseController;
+import io.sentrius.sso.core.model.HostSystem;
 import io.sentrius.sso.core.model.security.UserType;
 import io.sentrius.sso.core.model.users.User;
 import io.sentrius.sso.core.model.dto.UserDTO;
@@ -20,6 +22,8 @@
 import io.sentrius.sso.core.model.security.enums.UserAccessEnum;
 import io.sentrius.sso.core.model.users.UserConfig;
 import io.sentrius.sso.core.model.users.UserSettings;
+import io.sentrius.sso.core.model.zt.OpsZeroTrustAcessTokenRequest;
+import io.sentrius.sso.core.model.zt.ZeroTrustAccessTokenRequest;
 import io.sentrius.sso.core.security.service.CryptoService;
 import io.sentrius.sso.core.services.ErrorOutputService;
 import io.sentrius.sso.core.services.SessionService;
@@ -27,6 +31,8 @@
 import io.sentrius.sso.core.services.UserService;
 import io.sentrius.sso.core.services.HostGroupService;
 import io.sentrius.sso.core.config.SystemOptions;
+import io.sentrius.sso.core.services.ZeroTrustAccessTokenService;
+import io.sentrius.sso.core.services.ZeroTrustRequestService;
 import io.sentrius.sso.core.utils.JsonUtil;
 import io.sentrius.sso.core.utils.MessagingUtil;
 import jakarta.servlet.http.HttpServletRequest;
@@ -37,6 +43,7 @@
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 
@@ -51,6 +58,8 @@ public class UserApiController extends BaseController {
     final CryptoService  cryptoService;
     private final MessagingUtil messagingUtil;
     final UserCustomizationService userThemeService;
+    final ZeroTrustRequestService ztatRequestService;
+    final ZeroTrustAccessTokenService ztatService;
 
     static Map<String, Field> fields = new HashMap<>();
     static {
@@ -66,7 +75,9 @@ protected UserApiController(UserService userService, SystemOptions systemOptions
                                 HostGroupService hostGroupService, CryptoService  cryptoService,
                                 MessagingUtil messagingUtil,
                                 UserCustomizationService userThemeService,
-                                SessionService sessionService
+                                SessionService sessionService,
+                                ZeroTrustRequestService ztatRequestService,
+                                ZeroTrustAccessTokenService ztatService
     ) {
         super(userService, systemOptions, errorOutputService);
         this.hostGroupService =     hostGroupService;
@@ -74,6 +85,8 @@ protected UserApiController(UserService userService, SystemOptions systemOptions
         this.messagingUtil = messagingUtil;
         this.userThemeService = userThemeService;
         this.sessionService = sessionService;
+        this.ztatRequestService = ztatRequestService;
+        this.ztatService = ztatService;
     }
 
     @GetMapping("list")
@@ -117,7 +130,6 @@ public String deleteUser(@RequestParam("userId") String userId) throws GeneralSe
     }
 
     @PostMapping("/settings")
-    @LimitAccess(userAccess = {UserAccessEnum.CAN_EDIT_USERS})
     public String updateUser(HttpServletRequest request, HttpServletResponse response ) throws JsonProcessingException {
         var user = userService.getOperatingUser(request,response, null);
 
@@ -163,6 +175,18 @@ public String updateUser(HttpServletRequest request, HttpServletResponse respons
         return "redirect:/sso/v1/users/settings?message=" + MessagingUtil.getMessageId(MessagingUtil.SETTINGS_UPDATED);
     }
 
+    @PostMapping("/settings/workhours")
+    public String updateWorkhours(HttpServletRequest request, HttpServletResponse response,
+                                  @RequestBody JsonNode body) throws JsonProcessingException {
+        log.info("Updating work hours: {}", body);
+        /*
+        var reason = ztatService.createReason("Updating work hours", "Updating work hours", "");
+        var ztatRequest = ztatService.createOpsRequest("Updating work hours", "Updating work hours",
+         reason,   userService.getOperatingUser(request,response, null));
+        ztatRequestService.createOpsTATRequest(ztatRequest);*/
+        return "";
+    }
+
     @GetMapping("/types/list")
     @LimitAccess(userAccess = {UserAccessEnum.CAN_MANAGE_USERS})
     public ResponseEntity<List<UserTypeDTO>> getUserTypes() throws GeneralSecurityException {
diff --git a/api/src/main/java/io/sentrius/sso/controllers/api/ZeroTrustATApiController.java b/api/src/main/java/io/sentrius/sso/controllers/api/ZeroTrustATApiController.java
index 4198dd1c..1a25cc26 100644
--- a/api/src/main/java/io/sentrius/sso/controllers/api/ZeroTrustATApiController.java
+++ b/api/src/main/java/io/sentrius/sso/controllers/api/ZeroTrustATApiController.java
@@ -13,6 +13,7 @@
 import io.sentrius.sso.core.config.SystemOptions;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -20,6 +21,7 @@
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 
+@Slf4j
 @Controller
 @RequestMapping("/api/v1/zerotrust/accesstoken")
 public class ZeroTrustATApiController extends BaseController {
@@ -52,6 +54,7 @@ public String manageRequest(HttpServletRequest request, HttpServletResponse resp
                               @RequestParam("ztatId") Long ztatId) throws SQLException, GeneralSecurityException {
         var operatingUser = getOperatingUser(request, response);
         if (null != type ){
+            log.info("Operating user {} is managing a {} request with status {}", operatingUser, type, status);
             switch(type){
                 case "terminal":
                     manageTerminalZtAt(operatingUser, ztatId, status);
diff --git a/api/src/main/java/io/sentrius/sso/controllers/view/UserController.java b/api/src/main/java/io/sentrius/sso/controllers/view/UserController.java
index 05e890a7..5663fe1b 100644
--- a/api/src/main/java/io/sentrius/sso/controllers/view/UserController.java
+++ b/api/src/main/java/io/sentrius/sso/controllers/view/UserController.java
@@ -1,26 +1,35 @@
 package io.sentrius.sso.controllers.view;
 
 import java.lang.reflect.Field;
+import java.security.GeneralSecurityException;
 import java.util.ArrayList;
 import java.util.HashSet;
 import java.util.List;
+import java.util.Map;
 import java.util.Set;
+import java.util.stream.Collectors;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import io.sentrius.sso.core.annotations.LimitAccess;
 import io.sentrius.sso.core.controllers.BaseController;
+import io.sentrius.sso.core.model.WorkHours;
+import io.sentrius.sso.core.model.dto.DayOfWeekDTO;
 import io.sentrius.sso.core.model.dto.SystemOption;
+import io.sentrius.sso.core.model.dto.UserDTO;
 import io.sentrius.sso.core.model.dto.UserTypeDTO;
 import io.sentrius.sso.core.model.security.UserType;
 import io.sentrius.sso.core.model.security.enums.UserAccessEnum;
 import io.sentrius.sso.core.model.users.User;
 import io.sentrius.sso.core.model.users.UserConfig;
 import io.sentrius.sso.core.model.users.UserSettings;
+import io.sentrius.sso.core.repository.UserTypeRepository;
+import io.sentrius.sso.core.security.service.CryptoService;
 import io.sentrius.sso.core.services.ErrorOutputService;
 import io.sentrius.sso.core.services.UserCustomizationService;
 import io.sentrius.sso.core.services.UserService;
 import io.sentrius.sso.core.config.SystemOptions;
+import io.sentrius.sso.core.services.WorkHoursService;
 import io.sentrius.sso.core.utils.JsonUtil;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
@@ -29,7 +38,9 @@
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.ModelAttribute;
+import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
 
 @Slf4j
 @Controller
@@ -37,10 +48,17 @@
 public class UserController extends BaseController {
 
     final UserCustomizationService userThemeService;
+    final WorkHoursService  workHoursService;
+    final CryptoService cryptoService;
 
-    protected UserController(UserService userService, SystemOptions systemOptions, ErrorOutputService errorOutputService, UserCustomizationService userThemeService) {
+    protected UserController(UserService userService, SystemOptions systemOptions,
+                             ErrorOutputService errorOutputService, UserCustomizationService userThemeService, WorkHoursService  workHoursService,
+                             CryptoService cryptoService
+    ) {
         super(userService, systemOptions, errorOutputService);
         this.userThemeService = userThemeService;
+        this.workHoursService = workHoursService;
+        this.cryptoService = cryptoService;
     }
 
     @ModelAttribute("userSettings")
@@ -147,9 +165,45 @@ public String listUsers(Model model) {
         return "sso/users/list_users";
     }
 
+
+    @GetMapping("/edit")
+    @LimitAccess(userAccess = {UserAccessEnum.CAN_EDIT_USERS})
+    public String editUser(Model model, HttpServletRequest request, HttpServletResponse response,
+                           @RequestParam("userId") String userId) throws GeneralSecurityException {
+        model.addAttribute("globalAccessSet", UserType.createSuperUser().getAccessSet());
+        Long id = Long.parseLong(cryptoService.decrypt(userId));
+        User user = userService.getUserById(id);
+        UserDTO userDTO = new UserDTO(user);
+        var types = userService.getUserTypeList();
+        model.addAttribute("userTypes",types);
+        model.addAttribute("user", userDTO);
+        return "sso/users/edit_user";
+    }
+
     @GetMapping("/settings")
     @LimitAccess(userAccess = {UserAccessEnum.CAN_VIEW_USERS})
-    public String getUserSettings(HttpServletRequest request, HttpServletResponse response) {
+    public String getUserSettings(Model model, HttpServletRequest request, HttpServletResponse response) {
+
+        var user = userService.getOperatingUser(request,response, null);
+
+        List<WorkHours> workHoursList = workHoursService.getWorkHoursForUser(user.getId());
+
+        // Convert the list into a Map where the key is the day of the week (0-6)
+        Map<Integer, WorkHours> userWorkHours = workHoursList.stream()
+            .collect(Collectors.toMap(WorkHours::getDayOfWeek, wh -> wh));
+
+        // Pass data to Thymeleaf
+        model.addAttribute("userWorkHours", userWorkHours);
+        model.addAttribute("daysOfWeek", List.of(
+            new DayOfWeekDTO(0, "Sunday"),
+            new DayOfWeekDTO(1, "Monday"),
+            new DayOfWeekDTO(2, "Tuesday"),
+            new DayOfWeekDTO(3, "Wednesday"),
+            new DayOfWeekDTO(4, "Thursday"),
+            new DayOfWeekDTO(5, "Friday"),
+            new DayOfWeekDTO(6, "Saturday")
+        ));
+
         return "sso/users/user_settings";
     }
 
diff --git a/api/src/main/java/io/sentrius/sso/controllers/view/ZeroTrustATController.java b/api/src/main/java/io/sentrius/sso/controllers/view/ZeroTrustATController.java
index 4c07a05b..fec8c593 100644
--- a/api/src/main/java/io/sentrius/sso/controllers/view/ZeroTrustATController.java
+++ b/api/src/main/java/io/sentrius/sso/controllers/view/ZeroTrustATController.java
@@ -30,7 +30,7 @@ protected ZeroTrustATController(UserService userService,
     }
 
     @GetMapping("/my/current")
-    public ResponseEntity<String> getCurrentJit() {
+    public ResponseEntity<String> getCurrentTat() {
 
         return ResponseEntity.ok().build();
     }
@@ -38,28 +38,28 @@ public ResponseEntity<String> getCurrentJit() {
 
     @GetMapping("/list")
     @LimitAccess(ztatAccess= {ZeroTrustAccessTokenEnum.CAN_VIEW_ZTATS})
-    public String viewJitRequests(HttpServletRequest request, HttpServletResponse response, Model model) {
+    public String viewTatRequests(HttpServletRequest request, HttpServletResponse response, Model model) {
         var operatingUser = getOperatingUser(request, response);
-        modelJITs(model, operatingUser);
+        modelTATs(model, operatingUser);
         return "sso/ztats/view_ztats";
     }
 
     @GetMapping("/my")
     @LimitAccess(ztatAccess= {ZeroTrustAccessTokenEnum.CAN_VIEW_ZTATS})
-    public String viewMyJits(HttpServletRequest request, HttpServletResponse response, Model model) {
+    public String viewMyTats(HttpServletRequest request, HttpServletResponse response, Model model) {
         var operatingUser = getOperatingUser(request, response);
-        modelJITs(model, operatingUser);
+        modelTATs(model, operatingUser);
 
         return "sso/ztats/view_my_ztats";
     }
 
-    private void modelJITs(Model model, User operatingUser){
-        model.addAttribute("openTerminalJits", ztatRequestService.getOpenAccessTokenRequests(operatingUser));
-        model.addAttribute("openOpsJits", ztatRequestService.getOpenOpsRequests(operatingUser));
-        model.addAttribute("approvedTerminalJits", ztatRequestService.getApprovedTerminalAccessTokenRequests(operatingUser));
-        model.addAttribute("approvedOpsJits", ztatRequestService.getApprovedOpsAccessTokenRequests(operatingUser));
-        model.addAttribute("deniedOpsJits", ztatRequestService.getDeniedOpsAccessTokenRequests(operatingUser));
-        model.addAttribute("deniedTerminalJits", ztatRequestService.getDeniedTerminalAccessTokenRequests(operatingUser));
+    private void modelTATs(Model model, User operatingUser){
+        model.addAttribute("openTerminalTats", ztatRequestService.getOpenAccessTokenRequests(operatingUser));
+        model.addAttribute("openOpsTats", ztatRequestService.getOpenOpsRequests(operatingUser));
+        model.addAttribute("approvedTerminalTats", ztatRequestService.getApprovedTerminalAccessTokenRequests(operatingUser));
+        model.addAttribute("approvedOpsTats", ztatRequestService.getApprovedOpsAccessTokenRequests(operatingUser));
+        model.addAttribute("deniedOpsTats", ztatRequestService.getDeniedOpsAccessTokenRequests(operatingUser));
+        model.addAttribute("deniedTerminalTats", ztatRequestService.getDeniedTerminalAccessTokenRequests(operatingUser));
     }
 
 }
diff --git a/api/src/main/resources/application.properties b/api/src/main/resources/application.properties
index c8149bb5..231ac059 100644
--- a/api/src/main/resources/application.properties
+++ b/api/src/main/resources/application.properties
@@ -64,6 +64,7 @@ server.error.whitelabel.enabled=false
 
 
 keycloak.realm=sentrius
+keycloak.base-url=http://192.168.1.162:8180
 
 spring.security.oauth2.client.registration.keycloak.client-id=sentrius-api
 spring.security.oauth2.client.registration.keycloak.client-secret=nGkEukexSWTvDzYjSkDmeUlM0FJ5Jhh0
diff --git a/api/src/main/resources/db/migration/V15__work_hours.sql b/api/src/main/resources/db/migration/V15__work_hours.sql
new file mode 100644
index 00000000..ed08a953
--- /dev/null
+++ b/api/src/main/resources/db/migration/V15__work_hours.sql
@@ -0,0 +1,10 @@
+CREATE TABLE work_hours (
+    id SERIAL PRIMARY KEY,
+    user_id INT REFERENCES users(id) ON DELETE CASCADE,
+    day_of_week SMALLINT CHECK (day_of_week BETWEEN 0 AND 6), -- 0 = Sunday, 6 = Saturday
+    start_time TIME NOT NULL,  -- Example: '09:00:00'
+    end_time TIME NOT NULL  -- Example: '17:00:00'
+);
+
+-- Ensure fast lookups for checking dem hours
+CREATE INDEX idx_work_hours ON work_hours (user_id, day_of_week);
diff --git a/api/src/main/resources/db/migration/V16__add_ops_summary.sql b/api/src/main/resources/db/migration/V16__add_ops_summary.sql
new file mode 100644
index 00000000..c64f88e0
--- /dev/null
+++ b/api/src/main/resources/db/migration/V16__add_ops_summary.sql
@@ -0,0 +1,3 @@
+
+ALTER TABLE operations_request
+    ADD COLUMN summary TEXT;
diff --git a/api/src/main/resources/templates/sso/dashboard.html b/api/src/main/resources/templates/sso/dashboard.html
index f30c2ef7..5e51ddec 100755
--- a/api/src/main/resources/templates/sso/dashboard.html
+++ b/api/src/main/resources/templates/sso/dashboard.html
@@ -420,7 +420,7 @@ <h5 class="card-title">User Operations</h5>
                                     <a href="/sso/v1/users/settings" class="btn btn-primary"
                                        th:if="${!#sets.contains(operatingUser.authorizationType.accessSet, 'CAN_VIEW_ZTATS')}">Your Settings</a>
                                     <a href="/sso/v1/zerotrust/accesstoken/list" class="btn btn-primary"
-                                       th:if="${#sets.contains(operatingUser.authorizationType.accessSet, 'CAN_VIEW_ZTATS')}">View JITs</a>
+                                       th:if="${#sets.contains(operatingUser.authorizationType.accessSet, 'CAN_VIEW_ZTATS')}">View Trust ATs</a>
                                 </div>
                             </div>
                         </div>
diff --git a/api/src/main/resources/templates/sso/integrations/add_openai.html b/api/src/main/resources/templates/sso/integrations/add_openai.html
index f9f9d6e6..4cbfb165 100644
--- a/api/src/main/resources/templates/sso/integrations/add_openai.html
+++ b/api/src/main/resources/templates/sso/integrations/add_openai.html
@@ -55,8 +55,39 @@
             font-size: 1.25rem;
             color: #888;
         }
-
     </style>
+
+    <script>
+        async function submitIntegration(event) {
+            event.preventDefault();
+
+            const form = event.target;
+            const formData = new FormData(form);
+            const jsonData = Object.fromEntries(formData.entries());
+            var csrf = "[[${_csrf.token}]]"
+            try {
+                const response = await fetch(form.action, {
+                    method: "POST",
+                    headers: {
+                        "Content-Type": "application/json",
+                        "X-CSRF-TOKEN": csrf
+                    },
+                    body: JSON.stringify(jsonData)
+                });
+
+                if (response.ok) {
+                    const redirectUrl = "/sso/v1/integrations"; // Modify as needed
+                    window.location.href = redirectUrl;
+                } else {
+                    const errorText = await response.text();
+                    alert("Error: " + errorText);
+                }
+            } catch (error) {
+                console.error("Request failed", error);
+                alert("Failed to save integration.");
+            }
+        }
+    </script>
 </head>
 <body>
 
@@ -68,7 +99,7 @@
                 <div th:replace="~{fragments/alerts}"></div>
                 <div class="container">
                     <h1>Set Up OpenAI Integration</h1>
-                    <form th:action="@{/api/v1/integrations/openai/add}" th:object="${openaiIntegration}" method="post">
+                    <form th:action="@{/api/v1/integrations/openai/add}" th:object="${openaiIntegration}" method="post" onsubmit="submitIntegration(event)">
 
                         <div class="form-group">
                             <label for="name">Integration Name</label>
@@ -88,7 +119,6 @@ <h1>Set Up OpenAI Integration</h1>
                                    th:field="*{apiToken}" placeholder="Enter your Jira API token" required>
                         </div>
 
-
                         <div class="form-actions">
                             <button type="submit" class="btn btn-primary">Save Integration</button>
                         </div>
@@ -101,4 +131,3 @@ <h1>Set Up OpenAI Integration</h1>
 
 </body>
 </html>
-
diff --git a/api/src/main/resources/templates/sso/users/edit_user.html b/api/src/main/resources/templates/sso/users/edit_user.html
new file mode 100644
index 00000000..538ef4ea
--- /dev/null
+++ b/api/src/main/resources/templates/sso/users/edit_user.html
@@ -0,0 +1,70 @@
+<!DOCTYPE html>
+<html xmlns:th="http://www.thymeleaf.org" class="dark" data-bs-theme="dark">
+<head>
+    <meta th:replace="~{fragments/header}">
+    <title>Edit User</title>
+</head>
+
+<body>
+<div class="container-fluid">
+    <div class="row flex-nowrap">
+        <div th:replace="~{fragments/sidebar}" class="col-auto sidebar" style="width: 180px;"></div>
+        <div class="col py-4">
+            <div class="main-content">
+                <h3>Edit User</h3>
+                <form th:action="@{/api/v1/users/update}" method="post">
+                    <input type="hidden" name="userId" th:value="${user.userId}"/>
+
+                    <table class="table table-striped table-dark">
+                        <thead>
+                        <tr>
+                            <th>Setting</th>
+                            <th>Value</th>
+                        </tr>
+                        </thead>
+                        <tbody>
+                        <tr>
+                            <td><label for="name">Name</label></td>
+                            <td><input type="text" id="name" name="name" class="form-control" th:value="${user.name}"
+                                       readonly></td>
+                        </tr>
+                        <tr>
+                            <td><label for="username">Username</label></td>
+                            <td><input type="text" id="username" name="username" class="form-control" th:value="${user.username}" readonly></td>
+                        </tr>
+                        <tr>
+                            <td><label for="email">Email Address</label></td>
+                            <td><input type="email" id="email" name="emailAddress" class="form-control" th:value="${user.emailAddress}" readonly></td>
+                        </tr>
+                        <tr>
+                            <td><label for="userType">User Type</label></td>
+                            <td>
+                                <select id="userType" name="userType" class="form-control">
+                                    <option th:each="type : ${userTypes}" th:value="${type.id}"
+                                            th:text="${type.userTypeName}"
+                                            th:selected="${type.id == user.authorizationType.id}"></option>
+                                </select>
+                            </td>
+                        </tr>
+                        <tr>
+                            <td><label for="status">Status</label></td>
+                            <td>
+                                <select id="status" name="status" class="form-control">
+                                    <option value="ACTIVE" th:selected="${user.status == 'ACTIVE'}">Active</option>
+                                    <option value="LOCKED" th:selected="${user.status == 'LOCKED'}">Locked</option>
+                                </select>
+                            </td>
+                        </tr>
+                        </tbody>
+                    </table>
+
+                    <button type="submit" class="btn btn-success">Save Changes</button>
+                    <a href="/sso/v1/users/list" class="btn btn-secondary">Cancel</a>
+                </form>
+            </div>
+        </div>
+    </div>
+</div>
+
+</body>
+</html>
diff --git a/api/src/main/resources/templates/sso/users/list_users.html b/api/src/main/resources/templates/sso/users/list_users.html
index ccc691d5..fa4599bd 100755
--- a/api/src/main/resources/templates/sso/users/list_users.html
+++ b/api/src/main/resources/templates/sso/users/list_users.html
@@ -47,6 +47,7 @@
                         var actions = "";
                         if (cmu){
                             actions = `<a href="/sso/v1/users/lock/${myId}" class="btn btn-primary" >Lock</a> &nbsp; | &nbsp;`;
+                            actions += `<a href="/sso/v1/users/edit?userId=${myId}" class="btn btn-primary" >Edit</a> &nbsp; | &nbsp;`;
                             actions += `<a href="/api/v1/users/delete?userId=${myId}" class="btn btn-primary" >Delete</a>`;
                         }
                         return actions;
diff --git a/api/src/main/resources/templates/sso/users/user_settings.html b/api/src/main/resources/templates/sso/users/user_settings.html
index 7e3b252a..8d9bc4d8 100755
--- a/api/src/main/resources/templates/sso/users/user_settings.html
+++ b/api/src/main/resources/templates/sso/users/user_settings.html
@@ -3,17 +3,25 @@
 
 <head>
     <meta th:replace="~{fragments/header}">
-    <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css" rel="stylesheet">
+    <!--<link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css" rel="stylesheet">
+    -->
     <style>
         /* Centering the form container */
         .center-container {
             display: flex;
-            justify-content: center;
+            flex-direction: column; /* Stack elements vertically */
             align-items: center;
-            height: calc(100vh - 80px); /* Full viewport height minus space for navbar */
+            width: 100%; /* Ensure full width usage */
             padding: 20px;
         }
 
+        .form-section {
+            width: 100%; /* Prevent side-by-side layout */
+            max-width: 600px; /* Optional: Match the width of the form */
+            margin-bottom: 20px; /* Space between form and table */
+        }
+
+
         /* Limit form width for better UX */
         .settings-form {
             max-width: 500px;
@@ -48,6 +56,11 @@
         .submit_btn {
             width: 100%; /* Full-width button */
         }
+
+        .settings-form table,
+        .table {
+            margin-bottom: 10px; /* Reduce spacing between tables */
+        }
     </style>
     <title>[[${systemOptions.systemLogoName}]] - User Settings</title>
 </head>
@@ -65,6 +78,7 @@
 
                 <!-- Centered form container -->
                 <div class="center-container">
+                    <h2>Your Settings</h2>
                     <form th:action="@{/api/v1/users/settings}" method="post" class="settings-form" autocomplete="off">
                         <input type="hidden" name="_csrf" th:value="${_csrf.token}" />
 
@@ -85,14 +99,81 @@
                             </template>
                         </table>
 
+
                         <br />
                         <button type="submit" class="btn btn-primary submit_btn">Save</button>
                     </form>
+
+                <div class="form-section">
+                    <br />
+                    <h2>Work Hours</h2>
+                    <table class="table table-dark table-striped">
+                        <thead>
+                        <tr>
+                            <th>Day</th>
+                            <th>Enable</th>
+                            <th>Start Time</th>
+                            <th>End Time</th>
+                        </tr>
+                        </thead>
+                        <tbody>
+                        <tr th:each="day, iter : ${daysOfWeek}">
+                            <td th:text="${day.name}"></td>
+                            <td>
+                                <input type="checkbox" th:id="'enable_' + ${iter.index}" th:checked="${userWorkHours.containsKey(day.id)}">
+                            </td>
+                            <td>
+                                <input type="time" class="form-control" th:id="'start_' + ${iter.index}"
+                                       th:value="${userWorkHours.containsKey(day.id) ? userWorkHours.get(day.id).startTime : ''}"
+                                       th:disabled="${!userWorkHours.containsKey(day.id)}">
+                            </td>
+                            <td>
+                                <input type="time" class="form-control" th:id="'end_' + ${iter.index}"
+                                       th:value="${userWorkHours.containsKey(day.id) ? userWorkHours.get(day.id).endTime : ''}"
+                                       th:disabled="${!userWorkHours.containsKey(day.id)}">
+                            </td>
+                        </tr>
+                        </tbody>
+                    </table>
+
+                    <br />
+                    <button class="btn btn-primary mt-3" id="saveWorkHours">Save Work Hours</button>
                 </div>
             </div>
         </div>
     </div>
 </div>
+<script>
+    document.addEventListener('DOMContentLoaded', function () {
+        document.querySelectorAll('[id^="enable_"]').forEach((checkbox) => {
+            checkbox.addEventListener('change', function () {
+                let index = this.id.split("_")[1];
+                document.getElementById('start_' + index).disabled = !this.checked;
+                document.getElementById('end_' + index).disabled = !this.checked;
+            });
+        });
+
+        document.getElementById('saveWorkHours').addEventListener('click', function () {
+            let workHours = [];
+            document.querySelectorAll('[id^="enable_"]').forEach((checkbox) => {
+                let index = checkbox.id.split("_")[1];
+                if (checkbox.checked) {
+                    workHours.push({
+                        dayOfWeek: index,
+                        startTime: document.getElementById('start_' + index).value,
+                        endTime: document.getElementById('end_' + index).value
+                    });
+                }
+            });
+
+            fetch('/api/v1/users/settings/workhours', {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/json' },
+                body: JSON.stringify(workHours)
+            }).then(response => location.reload());
+        });
+    });
+</script>
 </body>
 
 </html>
diff --git a/api/src/main/resources/templates/sso/ztats/view_ztats.html b/api/src/main/resources/templates/sso/ztats/view_ztats.html
index 3c7362f3..b58c8552 100755
--- a/api/src/main/resources/templates/sso/ztats/view_ztats.html
+++ b/api/src/main/resources/templates/sso/ztats/view_ztats.html
@@ -1,25 +1,20 @@
 <!DOCTYPE html>
 <html xmlns:th="http://www.thymeleaf.org">
-
 <head>
     <meta th:replace="~{fragments/header}" />
-    <title>[[${systemOptions.systemLogoName}]] - JIT Management</title>
+    <title>[[${systemOptions.systemLogoName}]] - Trust AT (TAT) Management</title>
 
     <!-- Styles -->
     <style>
         body {
-            background-color: #121212; /* Dark mode background */
-            color: #eaeaea; /* Light text color */
+            background-color: #121212;
+            color: #eaeaea;
         }
 
         .container {
             margin-top: 20px;
         }
 
-        .table-container {
-            margin-bottom: 20px;
-        }
-
         .toast-header {
             font-size: 1.5rem;
             font-weight: bold;
@@ -32,25 +27,29 @@
             color: #eaeaea;
         }
 
-        .btn-primary,
-        .btn-secondary {
-            background-color: #007bff;
-            border-color: #007bff;
+        .btn-primary, .btn-secondary, .btn-danger {
             transition: background-color 0.3s ease;
         }
 
-        .btn-secondary:hover,
-        .btn-primary:hover {
-            background-color: #0056b3;
-        }
-
         .table-striped tbody tr:nth-of-type(odd) {
-            background-color: #2b2b2b; /* Custom dark striping */
+            background-color: #2b2b2b;
         }
 
         .table-striped tbody tr:hover {
             background-color: #3a3a3a;
         }
+
+        .icon-btn {
+            border: none;
+            background: transparent;
+            color: #eaeaea;
+            font-size: 1.2rem;
+            cursor: pointer;
+        }
+
+        .icon-btn:hover {
+            color: #007bff;
+        }
     </style>
 </head>
 
@@ -63,261 +62,142 @@
                 <div th:replace="~{fragments/alerts}"></div>
 
                 <div class="container-fluid">
-    <!-- JIT Management Sections -->
-    <div class="row">
-        <!-- Open Terminal JITs -->
-        <div class="col-md-6 table-container">
-            <h2 class="toast-header">Open Terminal JITs</h2>
-            <table id="terminal-ztats-table" class="display">
-                <thead>
-                <tr>
-                    <th>Operation</th>
-                    <th>User</th>
-                    <th>System</th>
-                    <th>Approvals</th>
-                </tr>
-                </thead>
-                <tbody>
-                <tr th:each="s : ${openTerminalJits}">
-                    <td th:text="${s.command}"></td>
-                    <td th:text="${s.userName}"></td>
-                    <td th:text="${s.hostName}"></td>
-                    <td>
-                        <button th:id="'app_btn_' + ${s.id}" class="btn btn-primary btn-sm app_btn"
-                                th:if="${#sets.contains(operatingUser.authorizationType.accessSet, 'CAN_APPROVE_ZTATS') && !s.isCurrentUser}">Approve</button>
-                        <button th:id="'den_btn_' + ${s.id}" class="btn btn-danger btn-sm den_btn"
-                                th:if="${#sets.contains(operatingUser.authorizationType.accessSet, 'CAN_DENY_ZTATS') && !s.isCurrentUser}">Deny</button>
-                        <button th:id="'rev_btn_' + ${s.id}"
-                                th:if="${s.isCurrentUser }"
-                                class="btn btn-secondary rev_btn spacer spacer-right">Revoke
-                        </button>
-                    </td>
-                </tr>
-                </tbody>
-            </table>
-        </div>
+                    <h2 class="toast-header">Trust AT (TAT) Management</h2>
+
+                    <!-- Tabs for Open, Approved, and Denied TATs -->
+                    <ul class="nav nav-tabs" id="tatTabs">
+                        <li class="nav-item"><a class="nav-link active" data-bs-toggle="tab" href="#openTats">Open TATs</a></li>
+                        <li class="nav-item"><a class="nav-link" data-bs-toggle="tab" href="#approvedTats">Approved TATs</a></li>
+                        <li class="nav-item"><a class="nav-link" data-bs-toggle="tab" href="#deniedTats">Denied TATs</a></li>
+                    </ul>
+
+                    <div class="tab-content mt-3">
+                        <!-- Open TATs -->
+                        <div id="openTats" class="tab-pane fade show active">
+                            <ul class="nav nav-pills mb-3">
+                                <li class="nav-item"><a class="nav-link active" data-bs-toggle="tab" href="#open-terminal">Terminal TATs</a></li>
+                                <li class="nav-item"><a class="nav-link" data-bs-toggle="tab" href="#open-ops">Operational TATs</a></li>
+                            </ul>
+                            <div class="tab-content">
+                                <!-- Terminal TATs -->
+                                <div id="open-terminal" class="tab-pane fade show active">
+                                    <table id="open-terminal-table" class="display">
+                                        <thead>
+                                        <tr><th>Operation</th><th>User</th><th>System</th><th>Actions</th></tr>
+                                        </thead>
+                                        <tbody>
+                                        <tr th:each="s : ${openTerminalTats}">
+                                            <td th:text="${s.command}"></td>
+                                            <td th:text="${s.userName}"></td>
+                                            <td th:text="${s.hostName}"></td>
+                                            <td>
+                                                <button th:id="'app_btn_' + ${s.id}" class="icon-btn app_btn" th:if="${canApprove}">✅</button>
+                                                <button th:id="'den_btn_' + ${s.id}" class="icon-btn den_btn" th:if="${canDeny}">❌</button>
+                                                <button th:id="'rev_btn_' + ${s.id}" class="icon-btn rev_btn" th:if="${s.isCurrentUser}">🔄</button>
+                                            </td>
+                                        </tr>
+                                        </tbody>
+                                    </table>
+                                </div>
+
+                                <!-- Operational TATs -->
+                                <div id="open-ops" class="tab-pane fade">
+                                    <table id="open-ops-table" class="display">
+                                        <thead>
+                                        <tr><th>Operation</th><th>User</th><th>Actions</th></tr>
+                                        </thead>
+                                        <tbody>
+                                        <tr th:each="s : ${openOpsTats}">
+                                            <td th:text="${s.summary}"></td>
+                                            <td th:text="${s.userName}"></td>
+                                            <td>
+                                                <button th:id="'ops_app_btn_' + ${s.id}" class="icon-btn ops_app_btn" th:if="${canApprove}">✅</button>
+                                                <button th:id="'ops_den_btn_' + ${s.id}" class="icon-btn ops_den_btn" th:if="${canDeny}">❌</button>
+                                                <button th:id="'ops_rev_btn_' + ${s.id}" class="icon-btn ops_rev_btn" th:if="${s.isCurrentUser}">🔄</button>
+                                            </td>
+                                        </tr>
+                                        </tbody>
+                                    </table>
+                                </div>
+                            </div>
+                        </div>
+
+                        <!-- Approved & Denied TATs - Same Structure -->
+                        <div id="approvedTats" class="tab-pane fade">
+                            <table id="approved-tats-table" class="display">
+                                <thead>
+                                <tr><th>Operation</th><th>User</th><th>Uses Remaining</th></tr>
+                                </thead>
+                                <tbody>
+                                <tr th:each="s : ${approvedTats}">
+                                    <td th:text="${s.command}"></td>
+                                    <td th:text="${s.userName}"></td>
+                                    <td th:text="${s.usesRemaining}"></td>
+                                </tr>
+                                </tbody>
+                            </table>
+                        </div>
+
+                        <div id="deniedTats" class="tab-pane fade">
+                            <table id="denied-tats-table" class="display">
+                                <thead>
+                                <tr><th>Operation</th><th>User</th><th>System</th></tr>
+                                </thead>
+                                <tbody>
+                                <tr th:each="s : ${deniedTats}">
+                                    <td th:text="${s.command}"></td>
+                                    <td th:text="${s.userName}"></td>
+                                    <td th:text="${s.hostName}"></td>
+                                </tr>
+                                </tbody>
+                            </table>
+                        </div>
 
-        <div class="col-md-6 table-container">
-            <h2 class="toast-header">Open OPS JITs</h2>
-            <table id="ops-ztats-table" class="display">
-                <thead>
-                <tr>
-                    <th>Operation</th>
-                    <th>User</th>
-                    <th>Approvals</th>
-                </tr>
-                </thead>
-                <tbody>
-                <tr th:each="s : ${openOpsJits}">
-                    <td th:text="${s.command}"></td>
-                    <td th:text="${s.userName}"></td>
-                    <td>
-                         <button th:id="'ops_app_btn_' + ${s.id}"
-                                th:if="${#sets.contains(operatingUser.authorizationType.accessSet, 'CAN_APPROVE_ZTATS')
-                                         && !s.isCurrentUser}"
-                                class="btn btn-secondary ops_app_btn spacer spacer-right">Approve
-                        </button>
-                        <button th:id="'ops_den_btn_' + ${s.id}"
-                                th:if="${#sets.contains(operatingUser.authorizationType.accessSet, 'CAN_DENY_ZTATS')
-                                          && !s.isCurrentUser }"
-                                class="btn btn-secondary ops_den_btn spacer spacer-right">Deny
-                        </button>
-                        <button th:id="'ops_rev_btn_' + ${s.id}"
-                                th:if="${s.isCurrentUser }"
-                                class="btn btn-secondary ops_rev_btn spacer spacer-right">Revoke
-                        </button>
-                    </td>
-                </tr>
-                </tbody>
-            </table>
-        </div>
-    </div>
                     </div>
-
-        <!-- Open OPS JITs -->
-
-
-    <!-- Approved JITs -->
-    <div class="row">
-        <div class="col-md-6 table-container">
-            <h2 class="toast-header">Approved Terminal JITs</h2>
-            <table id="approved-terminal-ztats-table" class="display">
-                <thead>
-                <tr>
-                    <th>Operation</th>
-                    <th>User</th>
-                    <th>System</th>
-                    <th>Uses Remaining</th>
-                </tr>
-                </thead>
-                <tbody>
-                <tr th:each="s : ${approvedTerminalJits}">
-                    <td th:text="${s.command}"></td>
-                    <td th:text="${s.userName}"></td>
-                    <td th:text="${s.hostName}"></td>
-                    <td th:text="${s.usesRemaining}"></td>
-                </tr>
-                </tbody>
-            </table>
-        </div>
-        <div class="col-md-6 table-container">
-            <h2 class="toast-header">Approved OPs JITs</h2>
-            <table id="approved-ops-ztats-table" class="display">
-                <thead>
-                <tr>
-                    <th>Operation</th>
-                    <th>User</th>
-                    <th>System</th>
-                    <th>Uses Remaining</th>
-                </tr>
-                </thead>
-                <tbody>
-                <tr th:each="s : ${approvedOpsJits}">
-                    <td th:text="${s.command}"></td>
-                    <td th:text="${s.userName}"></td>
-                    <td th:text="${s.hostName}"></td>
-                    <td th:text="${s.usesRemaining}"></td>
-                </tr>
-                </tbody>
-            </table>
-        </div>
-    </div>
-
-    <div class="row">
-        <div class="col-md-6 table-container">
-            <h2 class="toast-header">Denied Terminal JITs</h2>
-            <table id="denied-terminal-ztats-table" class="display">
-                <thead>
-                <tr>
-                    <th>Operation</th>
-                    <th>User</th>
-                    <th>System</th>
-                    <th>Uses Remaining</th>
-                </tr>
-                </thead>
-                <tbody>
-                <tr th:each="s : ${deniedTerminalJits}">
-                    <td th:text="${s.command}"></td>
-                    <td th:text="${s.userName}"></td>
-                    <td th:text="${s.hostName}"></td>
-                    <td th:text="${s.usesRemaining}"></td>
-                </tr>
-                </tbody>
-            </table>
-        </div>
-        <div class="col-md-6 table-container">
-            <h2 class="toast-header">Denied Ops JITs</h2>
-            <table id="denied-ops-ztats-table" class="display">
-                <thead>
-                <tr>
-                    <th>Operation</th>
-                    <th>User</th>
-                    <th>System</th>
-                    <th>Uses Remaining</th>
-                </tr>
-                </thead>
-                <tbody>
-                <tr th:each="s : ${deniedOpsJits}">
-                    <td th:text="${s.command}"></td>
-                    <td th:text="${s.userName}"></td>
-                    <td th:text="${s.hostName}"></td>
-                    <td th:text="${s.usesRemaining}"></td>
-                </tr>
-                </tbody>
-            </table>
-        </div>
-    </div>
-
-
-</div>
-            </div>
-        </div>
-    </div>
-
-<!-- Modals -->
-<template th:each="jr : ${openJits}" th:remove="tag">
-    <div th:id="'view_dialog_' + ${jr.id}" class="modal fade">
-        <div class="modal-dialog">
-            <div class="modal-content">
-                <div class="modal-header">
-                    <h5 class="modal-title">JIT Request Details</h5>
-                    <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
-                </div>
-                <div class="modal-body">
-                    <p><strong>Command:</strong> <span th:text="${jr.command}"></span></p>
-                    <p><strong>Reason:</strong> <span th:text="${jr.reason.commandNeed}"></span></p>
-                    <p><strong>Request Link:</strong> <span th:text="${jr.reason.requestLink.identifier}"></span></p>
-                </div>
-                <div class="modal-footer">
-                    <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Close</button>
                 </div>
+
             </div>
         </div>
     </div>
-</template>
+</div>
 
 <!-- DataTables Initialization -->
 <script>
     $(document).ready(function () {
-        // Initialize DataTables
-        $('#terminal-ztats-table').DataTable();
-        $('#ops-ztats-table').DataTable();
-        $('#approved-terminal-ztats-table').DataTable();
-        $('#approved-ops-ztats-table').DataTable();
-        $('#denied-terminal-ztats-table').DataTable();
-        $('#denied-ops-ztats-table').DataTable();
-
-        // Handle modal display logic
-        const queryString = window.location.search;
-        const urlParams = new URLSearchParams(queryString);
-        const modalId = urlParams.get('modalId');
-        if (modalId) {
-            new bootstrap.Modal(document.getElementById(modalId)).show();
-        }
-
-        //call delete action
-        $(".den_btn").button().click(function () {
-            var id = $(this).attr('id').replace("den_btn_", "");
-            window.location = '/api/v1/zerotrust/accesstoken/terminal/deny?ztatId=' + id;
-        });
-
-        $(".ops_den_btn").button().click(function () {
-            var id = $(this).attr('id').replace("ops_den_btn_", "");
-            window.location = '/v1/zerotrust/accesstoken/ops/deny?ztatId=' + id;
-        });
+        $('#open-terminal-table, #open-ops-table, #approved-tats-table, #denied-tats-table').DataTable();
 
-        $(".rev_btn").button().click(function () {
-            var id = $(this).attr('id').replace("rev_btn_", "");
-            window.location = '/api/v1/zerotrust/accesstoken/terminal/revoke?ztatId=' + id;
+        $(".app_btn").click(function () {
+            let id = this.id.split("_").pop();
+            $.get('/api/v1/zerotrust/accesstoken/terminal/approve?ztatId=' + id, {}, function() {
+                location.reload(); });
         });
 
-        $(".ops_rev_btn").button().click(function () {
-            var id = $(this).attr('id').replace("ops_rev_btn_", "");
-            window.location = '/v1/zerotrust/accesstoken/my/ops/revoke?ztatId=' + id;
+        $(".den_btn").click(function () {
+            let id = this.id.split("_").pop();
+            $.get('/api/v1/zerotrust/accesstoken/terminal/deny?ztatId='+ id, {}, function() { location.reload(); });
         });
 
-        $(".up_den_btn").button().click(function () {
-            var id = $(this).attr('id').replace("up_den_btn_", "");
-            window.location = '/manage/denyJIT?ztatId=' + id;
+        $(".rev_btn").click(function () {
+            let id = this.id.split("_").pop();
+            $.get('/api/v1/zerotrust/accesstoken/terminal/revoke?ztatId='+ id, {}, function() { location.reload(); });
         });
 
-        $(".up_app_btn").button().click(function () {
-            var id = $(this).attr('id').replace("up_app_btn_", "");
-            window.location = '/manage/approveJIT?ztatId=' + id;
+        $(".ops_app_btn").click(function () {
+            let id = this.id.split("_").pop();
+            $.get('/api/v1/zerotrust/accesstoken/ops/approve?ztatId='+ id, {}, function() { location.reload(); });
         });
 
-        $(".app_btn").button().click(function () {
-            var id = $(this).attr('id').replace("app_btn_", "");
-            console.log("ALKJDSLKJG");
-            window.location = '/api/v1/zerotrust/accesstoken/terminal/approve?ztatId=' + id;
+        $(".ops_den_btn").click(function () {
+            let id = this.id.split("_").pop();
+            $.get('/api/v1/zerotrust/accesstoken/ops/deny?ztatId='+ id, {}, function() { location.reload(); });
         });
 
-        $(".ops_app_btn").button().click(function () {
-            var id = $(this).attr('id').replace("ops_app_btn_", "");
-            window.location = '/api/v1/zerotrust/accesstoken/ops/approve?ztatId=' + id;
+        $(".ops_rev_btn").click(function () {
+            let id = this.id.split("_").pop();
+            $.get('/api/v1/zerotrust/accesstoken/my/ops/revoke?ztatId='+ id, {}, function() { location.reload(); });
         });
     });
 </script>
-</body>
 
+</body>
 </html>
diff --git a/core/src/main/java/io/sentrius/sso/automation/auditing/rules/TwoPartyAIMonitor.java b/core/src/main/java/io/sentrius/sso/automation/auditing/rules/TwoPartyAIMonitor.java
index 9d9e3235..2b4265d4 100644
--- a/core/src/main/java/io/sentrius/sso/automation/auditing/rules/TwoPartyAIMonitor.java
+++ b/core/src/main/java/io/sentrius/sso/automation/auditing/rules/TwoPartyAIMonitor.java
@@ -183,7 +183,8 @@ public Optional<Trigger> onMessage(Session.TerminalMessage text) {
                 analysis.get();
 
                 if (llmResponse.get() != null && llmQuestion.get() != null) {
-                    Trigger trg = llmQuestion.get() != null ? new Trigger(TriggerAction.PROMPT_ACTION, llmResponse.get(),
+                    Trigger trg = llmQuestion.get() != null && enableLLMQuestions ? new Trigger(TriggerAction.PROMPT_ACTION,
+                        llmResponse.get(),
                         llmQuestion.get()) :
                         new Trigger(TriggerAction.PERSISTENT_MESSAGE, llmResponse.get());
                     return Optional.of(trg);
diff --git a/core/src/main/java/io/sentrius/sso/config/KeycloakAuthSuccessHandler.java b/core/src/main/java/io/sentrius/sso/config/KeycloakAuthSuccessHandler.java
new file mode 100644
index 00000000..3473ca79
--- /dev/null
+++ b/core/src/main/java/io/sentrius/sso/config/KeycloakAuthSuccessHandler.java
@@ -0,0 +1,79 @@
+package io.sentrius.sso.config;
+
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import io.sentrius.sso.core.model.security.UserType;
+import io.sentrius.sso.core.model.users.User;
+import io.sentrius.sso.core.repository.UserRepository;
+import io.sentrius.sso.core.repository.UserTypeRepository;
+import io.sentrius.sso.core.services.JwtUtil;
+import lombok.extern.slf4j.Slf4j;
+import org.keycloak.admin.client.Keycloak;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
+import org.springframework.stereotype.Component;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.List;
+import java.util.Optional;
+
+@Component
+@Slf4j
+public class KeycloakAuthSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
+
+    private final Keycloak keycloak;
+    private final UserRepository userRepository;
+    private final UserTypeRepository userTypeRepository;
+
+    public KeycloakAuthSuccessHandler(Keycloak keycloak, UserRepository userRepository,
+                                      UserTypeRepository userTypeRepository
+    ) {
+        this.keycloak = keycloak;
+        this.userRepository = userRepository;
+        this.userTypeRepository = userTypeRepository;
+    }
+
+    @Override
+    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
+                                        Authentication authentication) throws IOException, ServletException {
+        var jwt = JwtUtil.getJWT();
+        Optional<String> userIdStr = JwtUtil.getUserId(jwt);
+        Optional<String> usernameStr = JwtUtil.getUsername(jwt);
+
+
+        if (usernameStr.isPresent()) {
+            log.info(" ** Syncing user attributes for user: {} ", usernameStr.get());
+            syncUserAttributes(jwt, usernameStr.get());
+        }
+
+        super.onAuthenticationSuccess(request, response, authentication);
+    }
+
+    private void syncUserAttributes(ObjectNode jwtNode, String userId) {
+        // Get Keycloak attributes
+
+        // Get user from DB
+        Optional<User> user = userRepository.findByUsername(userId);
+        var userTypeFromJwtNode = JwtUtil.getUserTypeName(jwtNode);
+        if (user.isPresent() && userTypeFromJwtNode.isPresent()) {
+            // Example: Syncing "userType" attribute
+            String keycloakUserType = userTypeFromJwtNode.get();
+            UserType dbUserType = user.get().getAuthorizationType();
+            log.info(" ** Syncing user attributes for user: {} and {}", userId, keycloakUserType);
+            if (keycloakUserType != null && !keycloakUserType.isEmpty()) {
+                String keycloakValue = keycloakUserType;
+                if (!keycloakValue.equals(dbUserType.getUserTypeName())) {
+                    Optional<UserType> newType = userTypeRepository.findByUserTypeName(keycloakValue);
+                    if (newType.isPresent()) {
+                        // Update database
+                        user.get().setAuthorizationType(newType.get());
+                        userRepository.save(user.get());
+                    }
+                }
+            }
+        } else {
+            log.info(" userTypeFromJwtNode not defined {} ", userTypeFromJwtNode);
+        }
+    }
+}
diff --git a/core/src/main/java/io/sentrius/sso/config/KeycloakConfig.java b/core/src/main/java/io/sentrius/sso/config/KeycloakConfig.java
new file mode 100644
index 00000000..b93b4ecc
--- /dev/null
+++ b/core/src/main/java/io/sentrius/sso/config/KeycloakConfig.java
@@ -0,0 +1,45 @@
+package io.sentrius.sso.config;
+import lombok.extern.slf4j.Slf4j;
+import org.keycloak.OAuth2Constants;
+import org.keycloak.admin.client.Keycloak;
+import org.keycloak.admin.client.KeycloakBuilder;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
+
+@Configuration
+@Slf4j
+public class KeycloakConfig {
+
+    @Value("${keycloak.base-url}")
+    private String serverUrl;
+
+    @Value("${keycloak.realm}")
+    private String realm;
+
+    private final ClientRegistrationRepository clientRegistrationRepository;
+
+    public KeycloakConfig(ClientRegistrationRepository clientRegistrationRepository) {
+        this.clientRegistrationRepository = clientRegistrationRepository;
+    }
+
+    @Bean
+    public Keycloak keycloak() {
+        // Retrieve the Keycloak client registration at runtime
+        ClientRegistration keycloakClientRegistration = clientRegistrationRepository.findByRegistrationId("keycloak");
+
+        if (keycloakClientRegistration == null) {
+            throw new IllegalStateException("Keycloak client registration not found. Check your OAuth2 client configuration.");
+        }
+
+        return KeycloakBuilder.builder()
+            .serverUrl(serverUrl)
+            .realm(realm)
+            .grantType(OAuth2Constants.CLIENT_CREDENTIALS)
+            .clientId(keycloakClientRegistration.getClientId())
+            .clientSecret(keycloakClientRegistration.getClientSecret())
+            .build();
+    }
+}
diff --git a/core/src/main/java/io/sentrius/sso/config/security/KeycloakUserSyncFilter.java b/core/src/main/java/io/sentrius/sso/config/security/KeycloakUserSyncFilter.java
new file mode 100644
index 00000000..40dfbdc8
--- /dev/null
+++ b/core/src/main/java/io/sentrius/sso/config/security/KeycloakUserSyncFilter.java
@@ -0,0 +1,46 @@
+package io.sentrius.sso.config.security;
+
+import io.sentrius.sso.core.services.KeycloakService;
+import io.sentrius.sso.core.services.UserAttributeSyncService;
+import lombok.extern.slf4j.Slf4j;
+import org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.Authentication;
+import org.springframework.stereotype.Component;
+import jakarta.servlet.Filter;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import java.io.IOException;
+import java.util.Map;
+
+@Component
+@Slf4j
+public class KeycloakUserSyncFilter implements Filter {
+
+    private final KeycloakService keycloakService;
+    private final UserAttributeSyncService syncService;
+
+    public KeycloakUserSyncFilter(KeycloakService keycloakService, UserAttributeSyncService syncService) {
+        this.keycloakService = keycloakService;
+        this.syncService = syncService;
+    }
+
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+        throws IOException, ServletException {
+
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+
+        if (authentication instanceof KeycloakAuthenticationToken) {
+            KeycloakAuthenticationToken keycloakAuth = (KeycloakAuthenticationToken) authentication;
+            String userId = keycloakAuth.getAccount().getKeycloakSecurityContext().getToken().getSubject();
+            log.info("Syncing user attributes for user: {}", userId);
+            // Sync user attributes with the database
+            syncService.syncUserAttribute(userId);
+        }
+
+        chain.doFilter(request, response);
+    }
+}
diff --git a/core/src/main/java/io/sentrius/sso/core/config/SystemOptions.java b/core/src/main/java/io/sentrius/sso/core/config/SystemOptions.java
index 92b9a335..cc8ce607 100644
--- a/core/src/main/java/io/sentrius/sso/core/config/SystemOptions.java
+++ b/core/src/main/java/io/sentrius/sso/core/config/SystemOptions.java
@@ -186,13 +186,13 @@ public boolean setValue(String fieldName, Object fieldValue, boolean save){
     Field[] fields = this.getClass().getDeclaredFields();
     for (var field : fields) {
       if (field.getName().equalsIgnoreCase(fieldName)) {
-        log.info("Setting field {} to {}", fieldName, fieldValue);
+        log.debug("Setting field {} to {}", fieldName, fieldValue);
         try {
           field.set(this, fieldValue);
 
           // Update the AppConfig with the new field value
           dynamicPropertiesService.updateProperty(fieldName, fieldValue.toString());
-          log.info("Set field {} to {}", fieldName, fieldValue);
+          log.debug("Set field {} to {}", fieldName, fieldValue);
           return true;
         } catch (IllegalAccessException e) {
           log.error("Failed to update field {}", fieldName);
@@ -236,7 +236,7 @@ public Map<String, SystemOption> getOptions() throws IllegalAccessException {
         String fieldName = field.getName();
         Object fieldValue = field.get(this);
 
-        log.info("Field: {} Value: {}", fieldName, fieldValue);
+        log.trace("Field: {} Value: {}", fieldName, fieldValue);
 
         // Create a SystemOption object with the field details
         var sysOpt = SystemOption.builder()
diff --git a/core/src/main/java/io/sentrius/sso/core/model/WorkHours.java b/core/src/main/java/io/sentrius/sso/core/model/WorkHours.java
new file mode 100644
index 00000000..f4ec8130
--- /dev/null
+++ b/core/src/main/java/io/sentrius/sso/core/model/WorkHours.java
@@ -0,0 +1,35 @@
+package io.sentrius.sso.core.model;
+
+import io.sentrius.sso.core.model.users.User;
+import jakarta.persistence.*;
+import lombok.*;
+
+import java.time.LocalTime;
+
+@Entity
+@Table(name = "work_hours",
+    uniqueConstraints = @UniqueConstraint(columnNames = {"user_id", "dayOfWeek"}))
+@Getter
+@Setter
+@NoArgsConstructor
+@AllArgsConstructor
+@ToString
+public class WorkHours {
+
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
+
+    @ManyToOne(fetch = FetchType.LAZY, optional = false)
+    @JoinColumn(name = "user_id", nullable = false)
+    private User user;
+
+    @Column(name = "day_of_week", nullable = false)
+    private Integer dayOfWeek; // 0 = Sunday, 6 = Saturday
+
+    @Column(name = "start_time", nullable = false)
+    private LocalTime startTime;
+
+    @Column(name = "end_time", nullable = false)
+    private LocalTime endTime;
+}
diff --git a/core/src/main/java/io/sentrius/sso/core/model/dto/DayOfWeekDTO.java b/core/src/main/java/io/sentrius/sso/core/model/dto/DayOfWeekDTO.java
new file mode 100644
index 00000000..e3c6c346
--- /dev/null
+++ b/core/src/main/java/io/sentrius/sso/core/model/dto/DayOfWeekDTO.java
@@ -0,0 +1,11 @@
+package io.sentrius.sso.core.model.dto;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+
+@Getter
+@AllArgsConstructor
+public class DayOfWeekDTO {
+    private final int id;
+    private final String name;
+}
diff --git a/core/src/main/java/io/sentrius/sso/core/model/dto/JITTrackerDTO.java b/core/src/main/java/io/sentrius/sso/core/model/dto/JITTrackerDTO.java
index 138c7daf..5e452acd 100644
--- a/core/src/main/java/io/sentrius/sso/core/model/dto/JITTrackerDTO.java
+++ b/core/src/main/java/io/sentrius/sso/core/model/dto/JITTrackerDTO.java
@@ -12,6 +12,7 @@ public class JITTrackerDTO {
     private Long id;
     @Builder.Default
     private String status = "Open";
+    private String summary;
     private String command;
     private String commandHash;
     private String userName;
diff --git a/core/src/main/java/io/sentrius/sso/core/model/dto/UserDTO.java b/core/src/main/java/io/sentrius/sso/core/model/dto/UserDTO.java
index 8fcd272a..a6ff9cef 100644
--- a/core/src/main/java/io/sentrius/sso/core/model/dto/UserDTO.java
+++ b/core/src/main/java/io/sentrius/sso/core/model/dto/UserDTO.java
@@ -23,6 +23,9 @@ public class UserDTO {
     public String team;
     public String password;
 
+    @Builder.Default
+    public String status = "ACTIVE";
+
     @Builder.Default
     public List<HostGroupDTO> hostGroups = new ArrayList<>();
 
diff --git a/core/src/main/java/io/sentrius/sso/core/model/dto/UserTypeDTO.java b/core/src/main/java/io/sentrius/sso/core/model/dto/UserTypeDTO.java
index 43dbee42..8abb248b 100644
--- a/core/src/main/java/io/sentrius/sso/core/model/dto/UserTypeDTO.java
+++ b/core/src/main/java/io/sentrius/sso/core/model/dto/UserTypeDTO.java
@@ -51,7 +51,7 @@ public class UserTypeDTO {
     Set<String> accessSet = new HashSet<>();
 
     public UserTypeDTO(UserType type){
-        log.info("UserTypeDTO: {}", type);
+        log.trace("UserTypeDTO: {}", type);
         this.id = type.getId() ;
         this.userTypeName = type.getUserTypeName();
         this.automationAccess = type.getAutomationAccess().name();
diff --git a/core/src/main/java/io/sentrius/sso/core/model/security/AccessControlAspect.java b/core/src/main/java/io/sentrius/sso/core/model/security/AccessControlAspect.java
index 0bcf1fd5..c07daafd 100644
--- a/core/src/main/java/io/sentrius/sso/core/model/security/AccessControlAspect.java
+++ b/core/src/main/java/io/sentrius/sso/core/model/security/AccessControlAspect.java
@@ -12,6 +12,7 @@
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 import org.aspectj.lang.annotation.Aspect;
 import org.aspectj.lang.annotation.Before;
 import org.springframework.stereotype.Component;
@@ -25,6 +26,7 @@
 
 @Aspect
 @Component
+@Slf4j
 @RequiredArgsConstructor
 public class AccessControlAspect {
 
@@ -44,18 +46,21 @@ public void checkLimitAccess(LimitAccess limitAccess) throws SQLException, Gener
             // Get the required roles from the annotation
             for (var userAccess : accessAnnotation.userAccess()) {
                 if (!canAccess(operatingUser, userAccess)) {
+                    log.info("Access Denied to {} at {}", operatingUser, userAccess);
                     canAccess = false;
                     break;
                 }
             }
             for (var appAccess : accessAnnotation.applicationAccess()) {
                 if (!canAccess(operatingUser, appAccess)) {
+                    log.info("Access Denied to {} at {}", operatingUser, appAccess);
                     canAccess = false;
                     break;
                 }
             }
 
             if (!canAccess) {
+
                 throw new ResponseStatusException(HttpStatus.FORBIDDEN, "Access Denied to ");
             }
         }
diff --git a/core/src/main/java/io/sentrius/sso/core/model/zt/OpsZeroTrustAcessTokenRequest.java b/core/src/main/java/io/sentrius/sso/core/model/zt/OpsZeroTrustAcessTokenRequest.java
index d1a30c2f..cc353f9a 100644
--- a/core/src/main/java/io/sentrius/sso/core/model/zt/OpsZeroTrustAcessTokenRequest.java
+++ b/core/src/main/java/io/sentrius/sso/core/model/zt/OpsZeroTrustAcessTokenRequest.java
@@ -38,6 +38,9 @@ public class OpsZeroTrustAcessTokenRequest {
     @Column(name = "command", nullable = false)
     private String command;
 
+    @Column(name = "summary", columnDefinition = "TEXT")
+    private String summary;
+
     @Column(name = "command_hash", nullable = false)
     private String commandHash;
 
diff --git a/core/src/main/java/io/sentrius/sso/core/repository/WorkHoursRepository.java b/core/src/main/java/io/sentrius/sso/core/repository/WorkHoursRepository.java
new file mode 100644
index 00000000..dc1944e9
--- /dev/null
+++ b/core/src/main/java/io/sentrius/sso/core/repository/WorkHoursRepository.java
@@ -0,0 +1,19 @@
+package io.sentrius.sso.core.repository;
+
+import java.util.List;
+import java.util.Optional;
+import io.sentrius.sso.core.model.WorkHours;
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Query;
+import org.springframework.data.repository.query.Param;
+import org.springframework.stereotype.Repository;
+
+@Repository
+public interface WorkHoursRepository extends JpaRepository<WorkHours, Long> {
+
+    @Query("SELECT w FROM WorkHours w WHERE w.user.id = :userId " +
+        "AND FUNCTION('TIME', CURRENT_TIMESTAMP) BETWEEN w.startTime AND w.endTime")
+    List<WorkHours> findWorkHoursByTime(@Param("userId") Long userId);
+
+    List<WorkHours> findByUserId(Long userId);
+}
diff --git a/core/src/main/java/io/sentrius/sso/core/services/JwtUtil.java b/core/src/main/java/io/sentrius/sso/core/services/JwtUtil.java
new file mode 100644
index 00000000..353f34fc
--- /dev/null
+++ b/core/src/main/java/io/sentrius/sso/core/services/JwtUtil.java
@@ -0,0 +1,86 @@
+package io.sentrius.sso.core.services;
+
+import java.util.Optional;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
+import io.sentrius.sso.core.utils.JsonUtil;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.oauth2.jwt.Jwt;
+
+@Slf4j
+public class JwtUtil {
+    public static ObjectNode getJWT() {
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+
+        if (authentication != null && authentication.isAuthenticated()) {
+            if (authentication.getPrincipal() instanceof Jwt) {
+                Jwt jwt = (Jwt) authentication.getPrincipal();
+                ObjectNode node = JsonUtil.MAPPER.createObjectNode();
+                node.put("sub", jwt.getClaimAsString("sub"));
+                return node;
+            } else {
+                try {
+                    String jwt = JsonUtil.MAPPER
+                        .registerModule(new JavaTimeModule())
+                        .writeValueAsString(authentication.getPrincipal());
+                    return (ObjectNode) JsonUtil.MAPPER.readTree(jwt);
+                } catch (Exception e) {
+                    e.printStackTrace();
+                }
+            }
+        }
+        return JsonUtil.MAPPER.createObjectNode();
+    }
+
+    public static Optional<String> getEmail(ObjectNode jwt) {
+        var claims = jwt.get("claims");
+        if (claims != null) {
+            var email = claims.get("email");
+            if (null != email){
+                return Optional.of(email.asText());
+            }
+        }
+        return Optional.of("");
+    }
+
+    public static Optional<String> getUserId(ObjectNode jwt) {
+
+        var claims = jwt.get("claims");
+        if (claims != null) {
+            var userId = claims.get("sub"); // change to sub for a user id
+            if (null != userId){
+                return Optional.of(userId.asText());
+            }
+        }
+        return Optional.empty();
+
+    }
+
+    public static Optional<String> getUsername(ObjectNode jwt) {
+
+        var claims = jwt.get("claims");
+        if (claims != null) {
+            var userId = claims.get("preferred_username"); // change to sub for a user id
+            if (null != userId){
+                return Optional.of(userId.asText());
+            }
+        }
+        return Optional.empty();
+
+    }
+
+    public static Optional<String> getUserTypeName(ObjectNode jwt) {
+        
+        var claims = jwt.get("claims");
+        if (claims != null) {
+            var userId = claims.get("userType"); // change to sub for a user id
+            if (null != userId){
+                return Optional.of(userId.asText());
+            }
+        }
+        return Optional.empty();
+
+    }
+}
diff --git a/core/src/main/java/io/sentrius/sso/core/services/KeycloakService.java b/core/src/main/java/io/sentrius/sso/core/services/KeycloakService.java
new file mode 100644
index 00000000..eedbe511
--- /dev/null
+++ b/core/src/main/java/io/sentrius/sso/core/services/KeycloakService.java
@@ -0,0 +1,53 @@
+package io.sentrius.sso.core.services;
+import io.sentrius.sso.core.model.security.UserType;
+import lombok.extern.slf4j.Slf4j;
+import org.keycloak.admin.client.Keycloak;
+import org.keycloak.admin.client.resource.UsersResource;
+import org.keycloak.representations.idm.UserRepresentation;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Service;
+import org.springframework.web.client.RestTemplate;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+@Slf4j
+@Service
+public class KeycloakService {
+
+    private final Keycloak keycloak;
+
+    @Value("${keycloak.realm}")
+    private String realm;
+
+    public KeycloakService(Keycloak keycloak) {
+        this.keycloak = keycloak;
+    }
+
+    public Map<String, List<String>> getUserAttributes(String userId) {
+        UsersResource usersResource = keycloak.realm(realm).users();
+        UserRepresentation user = usersResource.get(userId).toRepresentation();
+        return user.getAttributes();
+    }
+
+    public void updateUserType(String userId, UserType newUserType) {
+        // Get Users Resource
+        UsersResource usersResource = keycloak.realm(realm).users();
+
+        // Get the existing user
+        UserRepresentation user = usersResource.get(userId).toRepresentation();
+
+        // Update userType attribute
+        Map<String, List<String>> attributes = user.getAttributes();
+        if (attributes == null) {
+            attributes = new HashMap<>();
+        }
+        attributes.put("userType", Collections.singletonList(newUserType.getUserTypeName()));
+        user.setAttributes(attributes);
+
+        // Update user in Keycloak
+        usersResource.get(userId).update(user);
+        log.info("✅ Updated userType for user: " + userId + " to: " + newUserType);
+    }
+}
diff --git a/core/src/main/java/io/sentrius/sso/core/services/UserAttributeSyncService.java b/core/src/main/java/io/sentrius/sso/core/services/UserAttributeSyncService.java
new file mode 100644
index 00000000..970419c8
--- /dev/null
+++ b/core/src/main/java/io/sentrius/sso/core/services/UserAttributeSyncService.java
@@ -0,0 +1,53 @@
+package io.sentrius.sso.core.services;
+import io.sentrius.sso.core.model.security.UserType;
+import io.sentrius.sso.core.model.users.User;
+import io.sentrius.sso.core.repository.UserRepository;
+import io.sentrius.sso.core.repository.UserTypeRepository;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Service;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+
+@Service
+@Slf4j
+public class UserAttributeSyncService {
+
+    private final KeycloakService keycloakService;
+    private final UserRepository userRepository;
+    private final UserTypeRepository userTypeRepository;
+
+    public UserAttributeSyncService(KeycloakService keycloakService, UserRepository userRepository,
+                                    UserTypeRepository userTypeRepository
+    ) {
+        this.keycloakService = keycloakService;
+        this.userRepository = userRepository;
+        this.userTypeRepository = userTypeRepository;
+    }
+
+    public void syncUserAttribute(String userId) {
+        // Get user attribute from Keycloak
+        Map<String, List<String>> keycloakAttributes = keycloakService.getUserAttributes(userId);
+
+        // Get user from DB
+        Optional<User> user = userRepository.findByUsername(userId);
+
+        if (user.isPresent()) {
+            // Example: Syncing "userType" attribute
+            List<String> keycloakUserType = keycloakAttributes.get("userType");
+            UserType dbUserType = user.get().getAuthorizationType();
+
+            if (keycloakUserType != null && !keycloakUserType.isEmpty()) {
+                String keycloakValue = keycloakUserType.get(0);
+                if (!keycloakValue.equals(dbUserType.getUserTypeName())) {
+                    Optional<UserType> newType = userTypeRepository.findByUserTypeName(keycloakValue);
+                    if (newType.isPresent()) {
+                        // Update database
+                        user.get().setAuthorizationType(newType.get());
+                        userRepository.save(user.get());
+                    }
+                }
+            }
+        }
+    }
+}
diff --git a/core/src/main/java/io/sentrius/sso/core/services/UserService.java b/core/src/main/java/io/sentrius/sso/core/services/UserService.java
index dd6ad9f7..b5c3acdf 100644
--- a/core/src/main/java/io/sentrius/sso/core/services/UserService.java
+++ b/core/src/main/java/io/sentrius/sso/core/services/UserService.java
@@ -6,10 +6,6 @@
 import java.util.Optional;
 import java.util.UUID;
 import java.util.stream.Collectors;
-import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.fasterxml.jackson.databind.node.ObjectNode;
-import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
 import io.sentrius.sso.core.model.dto.UserTypeDTO;
 import io.sentrius.sso.core.repository.ProfileRepository;
 import io.sentrius.sso.core.repository.UserRepository;
@@ -23,21 +19,14 @@
 import io.sentrius.sso.core.security.service.CookieService;
 import io.sentrius.sso.core.security.service.CryptoService;
 import io.sentrius.sso.core.utils.ByteUtils;
-import io.sentrius.sso.core.utils.JsonUtil;
 import io.sentrius.sso.core.utils.UIMessaging;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
-import jakarta.servlet.http.HttpSession;
 import jakarta.transaction.Transactional;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
-import net.minidev.json.JSONObject;
 import org.hibernate.Hibernate;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.oauth2.jwt.Jwt;
 import org.springframework.stereotype.Service;
 
 @Slf4j
@@ -76,21 +65,30 @@ public User getOperatingUser(HttpServletRequest request,
                                  HttpServletResponse response,
                                  UIMessaging userMessage
                                  ) {
-        var jwt = getJWT();
-        Optional<String> userIdStr = getUserId(jwt);
-        Optional<String> usernameStr = getUsername(jwt);
-        Optional<String> email = getEmail(jwt);
+        var jwt = JwtUtil.getJWT();
+        Optional<String> userIdStr = JwtUtil.getUserId(jwt);
+        Optional<String> usernameStr = JwtUtil.getUsername(jwt);
+        Optional<String> email = JwtUtil.getEmail(jwt);
         if (userIdStr.isPresent() && usernameStr.isPresent()) {
             try {
                 //Long userId = ByteUtils.convertToLong(userIdStr);
                 User operatingUser = UserDB.getByUsername(usernameStr.get());
                 if (operatingUser == null) {
+                    var userUserType = UserType.createSystemAdmin();
+                    Optional<String> userType = JwtUtil.getUserTypeName(jwt);
+                    if (!userType.isEmpty()) {
+                        String keycloakUserType = userType.get();
+                        Optional<UserType> newType = userTypeRepository.findByUserTypeName(keycloakUserType);
+                        if (newType.isPresent()) {
+                            userUserType = newType.get();
+                        }
+                    }
                     operatingUser = User.builder()
                         .username(usernameStr.get())
                         .emailAddress(email.get())
                         .password(UUID.randomUUID().toString())
                         .userId(userIdStr.get())
-                        .authorizationType(UserType.createSystemAdmin())
+                        .authorizationType(userUserType)
                         .build();
                     log.info("Creating new user: {}", operatingUser);
                     save(operatingUser);
@@ -182,78 +180,7 @@ public User getOperatingUser(HttpServletRequest request,
         }
     }
 
-    private Optional<String> getEmail(ObjectNode jwt) {
-        var claims = jwt.get("claims");
-        if (claims != null) {
-            var email = claims.get("email");
-            if (null != email){
-                return Optional.of(email.asText());
-            }
-        }
-        return Optional.of("");
-    }
 
-    private ObjectNode getJWT() {
-        /*
-        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-        if (authentication != null && authentication.isAuthenticated()) {
-            if (null != session.getAttribute(USER_ID_CLAIM) ) {
-                return session.getAttribute(USER_ID_CLAIM).toString();
-            }
-        }
-        return null;*/
-        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-
-        if (authentication != null && authentication.isAuthenticated()) {
-            if (authentication.getPrincipal() instanceof Jwt) {
-                Jwt jwt = (Jwt) authentication.getPrincipal();
-                ObjectNode node = JsonUtil.MAPPER.createObjectNode();
-                node.put("sub",jwt.getClaimAsString("sub"));
-                return node; // Keycloak's default user ID claim
-            } else {
-                try {
-                    String jwt = JsonUtil.MAPPER
-                        .registerModule(new JavaTimeModule())
-                        .writeValueAsString(authentication.getPrincipal());
-                    ObjectNode node = (ObjectNode) JsonUtil.MAPPER.readTree(jwt);
-                   return node;
-
-
-                } catch (Exception e) {
-                    e.printStackTrace();
-                }
-
-            }
-
-        }
-        return JsonUtil.MAPPER.createObjectNode();
-    }
-
-    private Optional<String> getUserId(ObjectNode jwt) {
-
-            var claims = jwt.get("claims");
-            if (claims != null) {
-                var userId = claims.get("sub"); // change to sub for a user id
-                if (null != userId){
-                    return Optional.of(userId.asText());
-                }
-        }
-            return Optional.empty();
-
-    }
-
-    private Optional<String> getUsername(ObjectNode jwt) {
-
-        var claims = jwt.get("claims");
-        if (claims != null) {
-            var userId = claims.get("preferred_username"); // change to sub for a user id
-            if (null != userId){
-                return Optional.of(userId.asText());
-            }
-        }
-        return Optional.empty();
-
-    }
 
     private User createUnknownUser() {
         User user = new User();
@@ -322,4 +249,8 @@ public Optional<User> findByUsername(String username) {
     public User save(User user) {
         return UserDB.save(user);
     }
+
+    public User getUserById(Long id) {
+        return UserDB.getById(id);
+    }
 }
diff --git a/core/src/main/java/io/sentrius/sso/core/services/WorkHoursService.java b/core/src/main/java/io/sentrius/sso/core/services/WorkHoursService.java
new file mode 100644
index 00000000..0ed80e7b
--- /dev/null
+++ b/core/src/main/java/io/sentrius/sso/core/services/WorkHoursService.java
@@ -0,0 +1,28 @@
+package io.sentrius.sso.core.services;
+
+import java.time.LocalDate;
+import java.util.List;
+import java.util.Optional;
+import io.sentrius.sso.core.model.WorkHours;
+import io.sentrius.sso.core.repository.WorkHoursRepository;
+import lombok.RequiredArgsConstructor;
+import org.springframework.stereotype.Service;
+
+@Service
+@RequiredArgsConstructor
+public class WorkHoursService {
+
+    private final WorkHoursRepository workHoursRepository;
+
+    public boolean isUserWithinWorkHours(Long userId) {
+        List<WorkHours> workHoursList = workHoursRepository.findWorkHoursByTime(userId);
+
+        int today = LocalDate.now().getDayOfWeek().getValue() % 7; // Ensures 0 = Sunday, 6 = Saturday
+
+        return workHoursList.stream().anyMatch(w -> w.getDayOfWeek() == today);
+    }
+
+    public List<WorkHours> getWorkHoursForUser(Long userId) {
+        return workHoursRepository.findByUserId(userId);
+    }
+}
\ No newline at end of file
diff --git a/core/src/main/java/io/sentrius/sso/core/services/ZeroTrustAccessTokenService.java b/core/src/main/java/io/sentrius/sso/core/services/ZeroTrustAccessTokenService.java
index 0bc95a0a..6bb1f574 100644
--- a/core/src/main/java/io/sentrius/sso/core/services/ZeroTrustAccessTokenService.java
+++ b/core/src/main/java/io/sentrius/sso/core/services/ZeroTrustAccessTokenService.java
@@ -68,6 +68,25 @@ public ZeroTrustAccessTokenRequest createRequest(
     return request;
   }
 
+  public OpsZeroTrustAcessTokenRequest createOpsRequest(
+      @NonNull String summary,
+      @NonNull String command,
+      @NonNull ZeroTrustAccessTokenReason reason,
+      @NonNull User user){
+
+    OpsZeroTrustAcessTokenRequest request =
+        OpsZeroTrustAcessTokenRequest.builder()
+            .command(command)
+            .ztatReason(reason)
+            .user(user)
+            .commandHash(ZTATUtils.getCommandHash(command))
+            .summary(summary)
+            .lastUpdated(new Timestamp(System.currentTimeMillis()))
+            .build();
+    return request;
+  }
+
+
 
   public boolean isApproved(
       @NonNull String command, @NonNull User user , @NonNull HostSystem system)
diff --git a/core/src/main/java/io/sentrius/sso/core/services/ZeroTrustRequestService.java b/core/src/main/java/io/sentrius/sso/core/services/ZeroTrustRequestService.java
index 6eb6352b..b1e56595 100644
--- a/core/src/main/java/io/sentrius/sso/core/services/ZeroTrustRequestService.java
+++ b/core/src/main/java/io/sentrius/sso/core/services/ZeroTrustRequestService.java
@@ -64,7 +64,19 @@ public OpsZeroTrustAcessTokenRequest getOpsAccessTokenRequestById(Long ztatId) {
     }
 
     @Transactional
-    public ZeroTrustAccessTokenRequest createJITRequest(ZeroTrustAccessTokenRequest ztatRequest) {
+    public OpsZeroTrustAcessTokenRequest createOpsTATRequest(OpsZeroTrustAcessTokenRequest ztatRequest) {
+        try {
+            OpsZeroTrustAcessTokenRequest savedRequest = opsJITRequestRepository.save(ztatRequest);
+            log.info("JITRequest created: {}", savedRequest);
+            return savedRequest;
+        } catch (Exception e) {
+            log.error("Error while creating JITRequest", e);
+            throw new RuntimeException("Failed to create JITRequest", e);
+        }
+    }
+
+    @Transactional
+    public ZeroTrustAccessTokenRequest createTATRequest(ZeroTrustAccessTokenRequest ztatRequest) {
         try {
             ZeroTrustAccessTokenRequest savedRequest = ztatRequestRepository.save(ztatRequest);
             log.info("JITRequest created: {}", savedRequest);
@@ -308,6 +320,7 @@ private JITTrackerDTO convertToDTO(ZeroTrustAccessTokenRequest request) {
     private JITTrackerDTO convertToDTO(OpsZeroTrustAcessTokenRequest request) {
         return JITTrackerDTO.builder()
             .id(request.getId())
+            .summary(request.getSummary())
             .command(request.getCommand())
             .commandHash(request.getCommandHash())
             .userName(request.getUser().getUsername())
diff --git a/docker/keycloak/realms/sentrius-realm.json b/docker/keycloak/realms/sentrius-realm.json
index 64b1e511..75ee69cf 100644
--- a/docker/keycloak/realms/sentrius-realm.json
+++ b/docker/keycloak/realms/sentrius-realm.json
@@ -9,8 +9,31 @@
       "secret": "nGkEukexSWTvDzYjSkDmeUlM0FJ5Jhh0",
       "rootUrl": "${ROOT_URL}",
       "baseUrl": "${ROOT_URL}",
-      "redirectUris": ["${REDIRECT_URIS}/*"],
-      "protocol": "openid-connect"
+      "redirectUris": [
+        "${REDIRECT_URIS}/*"
+      ],
+      "protocol": "openid-connect",
+      "attributes": {
+        "access.token.claim": "true",
+        "id.token.claim": "true",
+        "userinfo.token.claim": "true"
+      },
+      "protocolMappers": [
+        {
+          "name": "userType",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-attribute-mapper",
+          "consentRequired": false,
+          "config": {
+            "userinfo.token.claim": "true",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "claim.name": "userType",
+            "jsonType.label": "String",
+            "user.attribute": "userType"
+          }
+        }
+      ]
     }
   ],
   "roles": {
@@ -26,23 +49,13 @@
     ]
   },
   "users": [
-    {
-      "username": "test",
-      "enabled": true,
-      "emailVerified": true,
-      "credentials": [
-        {
-          "type": "password",
-          "value": "test",
-          "temporary": false
-        }
-      ],
-      "realmRoles": ["user"]
-    },
     {
       "username": "admin",
       "enabled": true,
       "emailVerified": true,
+      "attributes": {
+        "userType": "Full Access"
+      },
       "credentials": [
         {
           "type": "password",
@@ -50,20 +63,9 @@
           "temporary": false
         }
       ],
-      "realmRoles": ["user"]
-    },
-    {
-      "username": "jit",
-      "enabled": true,
-      "emailVerified": true,
-      "credentials": [
-        {
-          "type": "password",
-          "value": "jit",
-          "temporary": false
-        }
-      ],
-      "realmRoles": ["user"]
+      "realmRoles": [
+        "user"
+      ]
     }
   ],
   "identityProviders": [
@@ -86,5 +88,117 @@
         "userInfoUrl": "https://openidconnect.googleapis.com/v1/userinfo"
       }
     }
-  ]
-}
+  ],
+  "components": {
+    "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [
+      {
+        "name": "Allowed Client Scopes",
+        "providerId": "allowed-client-templates",
+        "subType": "anonymous",
+        "subComponents": {},
+        "config": {
+          "allow-default-scopes": [
+            "true"
+          ]
+        }
+      },
+      {
+        "name": "Allowed Protocol Mapper Types",
+        "providerId": "allowed-protocol-mappers",
+        "subType": "anonymous",
+        "subComponents": {},
+        "config": {
+          "allowed-protocol-mapper-types": [
+            "saml-user-attribute-mapper",
+            "saml-role-list-mapper",
+            "saml-user-property-mapper",
+            "oidc-usermodel-property-mapper",
+            "oidc-usermodel-attribute-mapper",
+            "oidc-sha256-pairwise-sub-mapper",
+            "oidc-address-mapper",
+            "oidc-full-name-mapper"
+          ]
+        }
+      },
+      {
+        "name": "Trusted Hosts",
+        "providerId": "trusted-hosts",
+        "subType": "anonymous",
+        "subComponents": {},
+        "config": {
+          "host-sending-registration-request-must-match": [
+            "true"
+          ],
+          "client-uris-must-match": [
+            "true"
+          ]
+        }
+      },
+      {
+        "name": "Allowed Client Scopes",
+        "providerId": "allowed-client-templates",
+        "subType": "authenticated",
+        "subComponents": {},
+        "config": {
+          "allow-default-scopes": [
+            "true"
+          ]
+        }
+      },
+      {
+        "name": "Consent Required",
+        "providerId": "consent-required",
+        "subType": "anonymous",
+        "subComponents": {},
+        "config": {}
+      },
+      {
+        "name": "Allowed Protocol Mapper Types",
+        "providerId": "allowed-protocol-mappers",
+        "subType": "authenticated",
+        "subComponents": {},
+        "config": {
+          "allowed-protocol-mapper-types": [
+            "oidc-usermodel-attribute-mapper",
+            "oidc-usermodel-property-mapper",
+            "saml-role-list-mapper",
+            "oidc-address-mapper",
+            "oidc-sha256-pairwise-sub-mapper",
+            "saml-user-attribute-mapper",
+            "oidc-full-name-mapper",
+            "saml-user-property-mapper"
+          ]
+        }
+      },
+      {
+        "name": "Max Clients Limit",
+        "providerId": "max-clients",
+        "subType": "anonymous",
+        "subComponents": {},
+        "config": {
+          "max-clients": [
+            "200"
+          ]
+        }
+      },
+      {
+        "name": "Full Scope Disabled",
+        "providerId": "scope",
+        "subType": "anonymous",
+        "subComponents": {},
+        "config": {}
+      }
+    ],
+    "org.keycloak.userprofile.UserProfileProvider": [
+      {
+        "providerId": "declarative-user-profile",
+        "subComponents": {},
+        "config": {
+          "kc.user.profile.config": [
+            "{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"userType\",\"displayName\":\"\",\"validations\":{},\"annotations\":{\"inputTypePlaceholder\":\"System Admin\"},\"permissions\":{\"view\":[],\"edit\":[\"admin\"]},\"multivalued\":false}],\"groups\":[{\"name\":\"user-metadata\",\"displayHeader\":\"User metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}]}"
+          ]
+        }
+      }
+    ]
+  }
+}
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index b01b9c0a..3b081889 100644
--- a/pom.xml
+++ b/pom.xml
@@ -36,6 +36,7 @@
     <mockito.version>5.10.0</mockito.version>
     <keycloak-version>25.0.3</keycloak-version>
     <caffeine-version>3.2.0</caffeine-version>
+    <snowflake-ingest-version>3.0.1</snowflake-ingest-version>
   </properties>
   <dependencyManagement>
     <dependencies>
@@ -289,6 +290,13 @@
         <artifactId>keycloak-spring-boot-starter</artifactId>
         <version>${keycloak-version}</version>
       </dependency>
+      <!-- https://mvnrepository.com/artifact/net.snowflake/snowflake-ingest-sdk -->
+      <dependency>
+        <groupId>net.snowflake</groupId>
+        <artifactId>snowflake-ingest-sdk</artifactId>
+        <version>${snowflake-ingest-version}</version>
+      </dependency>
+
     </dependencies>
   </dependencyManagement>
   <build>
diff --git a/sentrius-gcp-chart/templates/configmap.yaml b/sentrius-gcp-chart/templates/configmap.yaml
index 5f80a0f0..87d65428 100644
--- a/sentrius-gcp-chart/templates/configmap.yaml
+++ b/sentrius-gcp-chart/templates/configmap.yaml
@@ -46,6 +46,8 @@ data:
     server.error.whitelabel.enabled=false
     dynamic.properties.path=/config/dynamic.properties
     keycloak.realm=sentrius
+    keycloak.base-url=https://keycloak.{{ .Values.subdomain }}
+
     # Keycloak configuration
     spring.security.oauth2.client.registration.keycloak.client-id={{ .Values.sentrius.oauth2.client_id }}
     spring.security.oauth2.client.registration.keycloak.client-secret={{ .Values.sentrius.oauth2.client_secret }}
@@ -96,6 +98,7 @@ data:
     server.error.whitelabel.enabled=false
     dynamic.properties.path=/config/dynamic.properties
     keycloak.realm=sentrius
+    keycloak.base-url=https://keycloak.{{ .Values.subdomain }}
     management.endpoints.web.exposure.include=health
     management.endpoint.health.show-details=always
     # Keycloak configuration
@@ -118,7 +121,7 @@ data:
     systemLogoName={{ .Values.tenant }}
     AccessTokenAuditor.rule.4=io.sentrius.sso.automation.auditing.rules.OpenAISessionRule;Malicious AI Monitoring
     AccessTokenAuditor.rule.5=io.sentrius.sso.automation.auditing.rules.TwoPartyAIMonitor;AI Second Party Monitor
-    AccessTokenAuditor.rule.6=io.sentrius.sso.automation.auditing.rules.SudoApproval;Root JIT Approval
+    AccessTokenAuditor.rule.6=io.sentrius.sso.automation.auditing.rules.SudoApproval;Sudo Approval
     allowProxies=true
     AccessTokenAuditor.rule.2=io.sentrius.sso.automation.auditing.rules.DeletePrevention;Delete Prevention
     AccessTokenAuditor.rule.3=io.sentrius.sso.automation.auditing.rules.TwoPartySessionRule;Require Second Party Monitoring
diff --git a/sentrius-gcp-chart/values.yaml b/sentrius-gcp-chart/values.yaml
index b153b10e..dd270c07 100644
--- a/sentrius-gcp-chart/values.yaml
+++ b/sentrius-gcp-chart/values.yaml
@@ -89,7 +89,7 @@ keycloak:
     pullPolicy: IfNotPresent
   host: keycloak.default.svc.cluster.local
   adminUser: admin
-  adminPassword: admin
+  adminPassword: nGkEukexSWTvDzYjSkDmeUlM0FJ5Jhh0@1
   port: 8081
   clientId: sentrius-api
   clientSecret: nGkEukexSWTvDzYjSkDmeUlM0FJ5Jhh0