diff --git a/.local.env b/.local.env
index a9b1dc12..e2b5c1bb 100644
--- a/.local.env
+++ b/.local.env
@@ -1,4 +1,4 @@
-SENTRIUS_VERSION=1.1.345
+SENTRIUS_VERSION=1.1.369
 SENTRIUS_SSH_VERSION=1.1.41
 SENTRIUS_KEYCLOAK_VERSION=1.1.53
 SENTRIUS_AGENT_VERSION=1.1.42
diff --git a/.local.env.bak b/.local.env.bak
index a9b1dc12..e2b5c1bb 100644
--- a/.local.env.bak
+++ b/.local.env.bak
@@ -1,4 +1,4 @@
-SENTRIUS_VERSION=1.1.345
+SENTRIUS_VERSION=1.1.369
 SENTRIUS_SSH_VERSION=1.1.41
 SENTRIUS_KEYCLOAK_VERSION=1.1.53
 SENTRIUS_AGENT_VERSION=1.1.42
diff --git a/api/src/main/resources/templates/fragments/header.html b/api/src/main/resources/templates/fragments/header.html
index d450a324..2d026470 100644
--- a/api/src/main/resources/templates/fragments/header.html
+++ b/api/src/main/resources/templates/fragments/header.html
@@ -69,6 +69,34 @@
             margin: 0; /* Remove outer margin */
             padding: 5px 10px; /* Adjust padding to desired amount */
         }
+
+        /* Sidebar-specific nav pills */
+        #menu.nav-pills .nav-link {
+            background: transparent;
+            color: #adb5bd;
+            border-radius: 8px;
+            padding: .65rem .9rem;
+            width: 100%;
+            text-align: left;
+        }
+
+        #menu.nav-pills .nav-link.active {
+            background-color: #0d6efd; /* blue highlight */
+            color: #fff;
+        }
+
+        /* Only affect page-content pills, not sidebar */
+        .main-content .nav-pills .nav-link {
+            background: var(--surface-2);
+            color: var(--muted);
+            border-radius: 999px;
+        }
+
+        .main-content .nav-pills .nav-link.active {
+            background: var(--primary);
+            color: #fff;
+        }
+
     </style>
 
     <script th:inline="javascript">
diff --git a/api/src/main/resources/templates/sso/ztats/view_ztats.html b/api/src/main/resources/templates/sso/ztats/view_ztats.html
index ed02eb0b..0aa4a5b2 100755
--- a/api/src/main/resources/templates/sso/ztats/view_ztats.html
+++ b/api/src/main/resources/templates/sso/ztats/view_ztats.html
@@ -6,50 +6,84 @@
 
     <!-- Styles -->
     <style>
-        body {
-            background-color: #121212;
-            color: #eaeaea;
+        :root {
+            --bg: #121212;
+            --surface: #1e1e1e;
+            --surface-2: #242424;
+            --border: #383838;
+            --text: #eaeaea;
+            --muted: #adb5bd;
+            --primary: #0d6efd;
+            --success: #28a745;
+            --danger: #dc3545;
+            --warning: #ffc107;
         }
+        body { background-color: var(--bg); color: var(--text); }
+        .container { margin-top: 20px; }
 
-        .container {
-            margin-top: 20px;
+        /* Sidebar vs Content pill scoping */
+        #menu.nav-pills .nav-link {
+            background: transparent; color: #adb5bd; border-radius: 8px; padding: .65rem .9rem; width: 100%; text-align: left;
         }
-
-        .toast-header {
-            font-size: 1.5rem;
-            font-weight: bold;
-            margin-bottom: 15px;
-            color: #f8f9fa;
-        }
-
-        .modal-content {
-            background-color: #1e1e1e;
-            color: #eaeaea;
-        }
-
-        .btn-secondary, .btn-secondary, .btn-danger {
-            transition: background-color 0.3s ease;
-        }
-
-        .table-striped tbody tr:nth-of-type(odd) {
-            background-color: #2b2b2b;
-        }
-
-        .table-striped tbody tr:hover {
-            background-color: #3a3a3a;
-        }
-
-        .icon-btn {
-            border: none;
-            background: transparent;
-            color: #eaeaea;
-            font-size: 1.2rem;
-            cursor: pointer;
-        }
-
-        .icon-btn:hover {
-            color: #007bff;
+        #menu.nav-pills .nav-link.active { background-color: #0d6efd; color: #fff; }
+        .main-content .nav-pills .nav-link { background: var(--surface-2); color: var(--muted); border-radius: 999px; }
+        .main-content .nav-pills .nav-link.active { background: var(--primary); color: #fff; }
+
+        /* Page header */
+        .page-header { margin: 8px 0 18px; display: flex; align-items: center; justify-content: space-between; gap: 16px; flex-wrap: wrap; }
+        .page-title {
+            font-size: 1.6rem; font-weight: 700; margin: 0;
+            background: linear-gradient(135deg, var(--primary), #6610f2);
+            -webkit-background-clip: text; -webkit-text-fill-color: transparent; background-clip: text;
         }
+        .page-subtitle { color: var(--muted); margin: 2px 0 0; font-size: .95rem; }
+        .toolbar { display: flex; align-items: center; gap: 8px; flex-wrap: wrap; }
+        .btn-ghost { background: var(--surface-2); color: var(--text); border: 1px solid var(--border); border-radius: 999px; padding: .4rem .9rem; font-weight: 600; }
+        .btn-ghost:hover { border-color: var(--primary); color: #fff; }
+        #globalSearch { min-width: 220px; background: var(--surface-2); border: 1px solid var(--border); color: var(--text); }
+
+        /* Tabs */
+        .nav-tabs { border-bottom: 2px solid var(--border); margin-bottom: .75rem; }
+        .nav-tabs .nav-link { background: transparent; border: none; color: var(--muted); font-weight: 600; padding: .9rem 1.1rem; border-radius: 10px 10px 0 0; }
+        .nav-tabs .nav-link.active { color: var(--primary); background: rgba(13,110,253,.14); border-bottom: 3px solid var(--primary); }
+
+        /* Cards around tables */
+        .table-card { background: var(--surface); border: 1px solid var(--border); border-radius: 14px; padding: 10px 10px 2px; box-shadow: 0 8px 24px rgba(0,0,0,.25); margin-bottom: 14px; }
+
+        /* DataTables – dark normalize */
+        table.dataTable { color: var(--text); border-collapse: separate; border-spacing: 0; width: 100% !important; }
+        /* Header */
+        table.dataTable thead th { background: var(--surface-2) !important; color: #fff !important; border-bottom: 1px solid var(--border) !important; padding: .65rem .75rem; }
+        /* Body cells */
+        table.dataTable tbody td, table.dataTable tbody th { border-bottom: 1px solid #2a2a2a !important; padding: .65rem .75rem; color: #eaeaea; }
+        /* Base row colors (no transparency) */
+        table.dataTable tbody tr { background-color: #1e1e1e !important; }
+        /* Dark striped alternation */
+        table.dataTable tbody tr:nth-of-type(odd) { background-color: #2b2b2b !important; }
+        /* Hover state */
+        table.dataTable tbody tr:hover { background-color: #333333 !important; color: #fff; }
+        /* Sorted column highlight—keep subtle and dark */
+        table.dataTable tbody td.sorting_1, table.dataTable tbody td.sorting_2, table.dataTable tbody td.sorting_3 { background-color: rgba(255,255,255,.06) !important; }
+        /* IMPORTANT: remove DT's default odd/even transparent overrides */
+        table.dataTable tbody tr.odd, table.dataTable tbody tr.even { background-color: unset !important; }
+
+        /* Status badges (optional) */
+        .status-badge { display: inline-block; padding: .25rem .6rem; border-radius: 10px; font-size: .72rem; font-weight: 700; text-transform: uppercase; letter-spacing: .02em; border: 1px solid transparent; }
+        .status-open     { color: var(--warning); border-color: var(--warning); background: rgba(255,193,7,.15); }
+        .status-approved { color: var(--success); border-color: var(--success); background: rgba(40,167,69,.15); }
+        .status-denied   { color: var(--danger);  border-color: var(--danger);  background: rgba(220,53,69,.15); }
+
+        /* Action buttons */
+        .btn-modern { border: none; border-radius: 999px; padding: .35rem .7rem; font-weight: 700; font-size: .8rem; }
+        .btn-approve { background: linear-gradient(135deg,#28a745,#20c997); color:#fff; }
+        .btn-deny    { background: linear-gradient(135deg,#dc3545,#e74c3c); color:#fff; }
+        .btn-revoke  { background: linear-gradient(135deg,#6c757d,#5a6268); color:#fff; }
+        .btn-modern:hover { transform: translateY(-1px); box-shadow: 0 6px 18px rgba(0,0,0,.25); }
+
+        /* Loading / empty */
+        .empty { color: var(--muted); padding: 16px; text-align: center; font-style: italic; }
+
+        @media (max-width: 768px) { .page-title { font-size: 1.35rem; } }
     </style>
 </head>
 
@@ -62,483 +96,259 @@
                 <div th:replace="~{fragments/alerts}"></div>
 
                 <div class="container-fluid">
-                    <h2 class="toast-header">Trust AT (TAT) Management</h2>
+                    <!-- Header -->
+                    <div class="page-header">
+                        <div>
+                            <h2 class="page-title">Trust AT (TAT) Management</h2>
+                            <p class="page-subtitle">Manage and monitor Zero Trust Access Tokens for secure system access</p>
+                        </div>
+                        <div class="toolbar">
+                            <button id="refreshAll" type="button" class="btn-ghost"><i class="fas fa-rotate"></i> Refresh</button>
+                            <input id="globalSearch" class="form-control" placeholder="Search all tables…">
+                        </div>
+                    </div>
 
-                    <!-- Tabs for Open, Approved, and Denied TATs -->
+                    <!-- Top-level tabs -->
                     <ul class="nav nav-tabs" id="tatTabs">
                         <li class="nav-item"><a class="nav-link active" data-bs-toggle="tab" href="#openTats">Open TATs</a></li>
                         <li class="nav-item"><a class="nav-link" data-bs-toggle="tab" href="#approvedTats">Approved TATs</a></li>
                         <li class="nav-item"><a class="nav-link" data-bs-toggle="tab" href="#deniedTats">Denied TATs</a></li>
                     </ul>
 
-                    <div class="tab-content mt-3">
+                    <div class="tab-content mt-2">
                         <!-- Open TATs -->
                         <div id="openTats" class="tab-pane fade show active">
                             <ul class="nav nav-pills mb-3">
-                                <li class="nav-item"><a class="nav-link active" data-bs-toggle="tab" href="#open-terminal">Terminal TATs</a></li>
-                                <li class="nav-item"><a class="nav-link" data-bs-toggle="tab" href="#open-ops">Operational TATs</a></li>
+                                <li class="nav-item"><a class="nav-link active" data-bs-toggle="tab" href="#open-terminal"><i class="fas fa-terminal"></i> Terminal</a></li>
+                                <li class="nav-item"><a class="nav-link" data-bs-toggle="tab" href="#open-ops"><i class="fas fa-cogs"></i> Operational</a></li>
                             </ul>
                             <div class="tab-content">
-                                <!-- Terminal TATs -->
                                 <div id="open-terminal" class="tab-pane fade show active">
-                                    <table id="open-terminal-table" class="display">
-                                        <thead>
-                                        <tr><th>Operation</th><th>User</th><th>System</th><th>Actions</th></tr>
-                                        </thead>
-                                        <tbody>
-                                        <!--
-                                        <tr th:each="s : ${openTerminalTats}">
-                                            <td th:text="${s.command}"></td>
-                                            <td th:text="${s.userName}"></td>
-                                            <td th:text="${s.hostName}"></td>
-                                            <td>
-                                                <button th:id="'app_btn_' + ${s.id}" class="btn-secondary app_btn"
-                                                        th:if="${s.canApprove}">Approve</button>
-                                                <button th:id="'den_btn_' + ${s.id}" class="btn-secondary den_btn"
-                                                        th:if="${s.canDeny}">Deny</button>
-                                                <button th:id="'rev_btn_' + ${s.id}" class="btn-secondary rev_btn"
-                                                        th:if="${s.currentUser}">Revoke</button>
-                                            </td>
-                                        </tr>
-                                        -->
-                                        </tbody>
-                                    </table>
+                                    <div class="table-card">
+                                        <table id="open-terminal-table" class="display w-100"></table>
+                                    </div>
                                 </div>
-
-                                <!-- Operational TATs -->
                                 <div id="open-ops" class="tab-pane fade">
-                                    <table id="open-ops-table" class="display">
-                                        <thead>
-                                        <tr><th>Operation</th><th>User</th><th>Actions</th></tr>
-                                        </thead>
-                                        <tbody>
-                                        <!--
-                                        <tr th:each="s : ${openOpsTats}">
-                                            <td th:text="${s.summary}"></td>
-                                            <td th:text="${s.userName}"></td>
-                                            <td>
-                                                <button th:id="'ops_app_btn_' + ${s.id}"
-                                                        class="btn-secondary ops_app_btn" th:if="${s.canApprove}">Approve
-                                                </button>
-                                                <button th:id="'ops_den_btn_' + ${s.id}"
-                                                        class="btn-secondary ops_den_btn" th:if="${s.canDeny}">Deny
-                                                </button>
-                                                <button th:id="'ops_rev_btn_' + ${s.id}"
-                                                        class="btn-secondary ops_rev_btn"
-                                                        th:if="${s.currentUser}">Revoke
-                                                </button>
-                                            </td>
-                                        </tr>
-                                        -->
-                                        </tbody>
-                                    </table>
+                                    <div class="table-card">
+                                        <table id="open-ops-table" class="display w-100"></table>
+                                    </div>
                                 </div>
                             </div>
                         </div>
 
-                        <!-- Approved & Denied TATs - Same Structure -->
+                        <!-- Approved TATs -->
                         <div id="approvedTats" class="tab-pane fade">
-                            <div id="approvedtats-table" class="tab-pane fade show active">
-                                <ul class="nav nav-pills mb-3">
-                                    <li class="nav-item"><a class="nav-link active" data-bs-toggle="tab"
-                                                            href="#approved-terminal">Terminal TATs</a></li>
-                                    <li class="nav-item"><a class="nav-link" data-bs-toggle="tab"
-                                                            href="#approved-ops">Operational TATs</a></li>
-                                </ul>
-                                <div class="tab-content">
-                                    <!-- Terminal TATs -->
-                                    <div id="approved-terminal" class="tab-pane fade show active">
-                                        <table id="approved-terminal-table" class="display">
-                                            <thead>
-                                            <tr><th>Operation</th><th>User</th><th>System</th><th>Uses
-                                                Remaining</th><th>Actions</th></tr>
-                                            </thead>
-                                            <tbody>
-                                            <!--
-                                            <tr th:each="s : ${approvedTerminalTats}">
-                                                <td th:text="${s.command}"></td>
-                                                <td th:text="${s.userName}"></td>
-                                                <td th:text="${s.hostName}"></td>
-                                                <td th:text="${s.usesRemaining}"></td>
-                                                <td>
-                                                    <button th:id="'den_btn_' + ${s.id}" class="btn-secondary den_btn"
-                                                            th:if="${s.canDeny}">Deny</button>
-                                                </td>
-                                            </tr>
-                                            -->
-                                            </tbody>
-                                        </table>
+                            <ul class="nav nav-pills mb-3">
+                                <li class="nav-item"><a class="nav-link active" data-bs-toggle="tab" href="#approved-terminal"><i class="fas fa-terminal"></i> Terminal</a></li>
+                                <li class="nav-item"><a class="nav-link" data-bs-toggle="tab" href="#approved-ops"><i class="fas fa-cogs"></i> Operational</a></li>
+                            </ul>
+                            <div class="tab-content">
+                                <div id="approved-terminal" class="tab-pane fade show active">
+                                    <div class="table-card">
+                                        <table id="approved-terminal-table" class="display w-100"></table>
                                     </div>
-
-                                    <!-- Operational TATs -->
-                                    <div id="approved-ops" class="tab-pane fade">
-                                        <table id="approved-ops-table" class="display">
-                                            <thead>
-                                            <tr><th>Operation</th><th>User</th><th>Uses Remaining</th><th>Actions
-                                            </th></tr>
-                                            </thead>
-                                            <tbody>
-                                            <!--
-                                            <tr th:each="s : ${approvedOpsTats}">
-                                                <td th:text="${s.summary}"></td>
-                                                <td th:text="${s.userName}"></td>
-                                                <td th:text="${s.usesRemaining}"></td>
-                                                <td>
-                                                    <button th:id="'ops_den_btn_' + ${s.id}"
-                                                            class="btn-secondary ops_den_btn" th:if="${s.canDeny}">Deny
-                                                    </button>
-                                                </td>
-                                            </tr>
-                                            -->
-                                            </tbody>
-                                        </table>
+                                </div>
+                                <div id="approved-ops" class="tab-pane fade">
+                                    <div class="table-card">
+                                        <table id="approved-ops-table" class="display w-100"></table>
                                     </div>
-
                                 </div>
-
-
                             </div>
                         </div>
 
                         <!-- Denied TATs -->
                         <div id="deniedTats" class="tab-pane fade">
-                            <div id="denied-table" class="tab-pane fade show active">
-                                <ul class="nav nav-pills mb-3">
-                                    <li class="nav-item"><a class="nav-link active" data-bs-toggle="tab" href="#open-terminal">Terminal TATs</a></li>
-                                    <li class="nav-item"><a class="nav-link" data-bs-toggle="tab" href="#open-ops">Operational TATs</a></li>
-                                </ul>
-                                <div class="tab-content">
-                                    <!-- Terminal TATs -->
-                                    <div id="denied-terminal" class="tab-pane fade show active">
-                                        <table id="denied-terminal-table" class="display">
-                                            <thead>
-                                            <tr><th>Operation</th><th>User</th><th>System</th><th>Actions</th></tr>
-                                            </thead>
-                                            <tbody>
-                                            <!--
-                                            <tr th:each="s : ${deniedTerminalTats}">
-                                                <td th:text="${s.command}"></td>
-                                                <td th:text="${s.userName}"></td>
-                                                <td th:text="${s.hostName}"></td>
-                                                <td>
-                                                    <button th:id="'den_app_' + ${s.id}" class="btn-secondary app_btn"
-                                                            th:if="${s.canApprove}">Approve</button>
-                                                </td>
-                                            </tr>
-                                            -->
-                                            </tbody>
-                                        </table>
+                            <ul class="nav nav-pills mb-3">
+                                <li class="nav-item"><a class="nav-link active" data-bs-toggle="tab" href="#denied-terminal"><i class="fas fa-terminal"></i> Terminal</a></li>
+                                <li class="nav-item"><a class="nav-link" data-bs-toggle="tab" href="#denied-ops"><i class="fas fa-cogs"></i> Operational</a></li>
+                            </ul>
+                            <div class="tab-content">
+                                <div id="denied-terminal" class="tab-pane fade show active">
+                                    <div class="table-card">
+                                        <table id="denied-terminal-table" class="display w-100"></table>
                                     </div>
-
-                                    <!-- Operational TATs -->
-                                    <div id="denied-ops" class="tab-pane fade">
-                                        <table id="denied-ops-table" class="display">
-                                            <thead>
-                                            <tr><th>Operation</th><th>User</th><th>Actions</th></tr>
-                                            </thead>
-                                            <tbody>
-                                            <!--
-                                            <tr th:each="s : ${deniedOpsTats}">
-                                                <td th:text="${s.summary}"></td>
-                                                <td th:text="${s.userName}"></td>
-                                                <td>
-                                                    <button th:id="'ops_app_btn_' + ${s.id}"
-                                                            class="btn-secondary ops_app_btn"
-                                                            th:if="${s.canApprove}">Deny
-                                                    </button>
-                                                </td>
-                                            </tr>
-                                            -->
-                                            </tbody>
-                                        </table>
+                                </div>
+                                <div id="denied-ops" class="tab-pane fade">
+                                    <div class="table-card">
+                                        <table id="denied-ops-table" class="display w-100"></table>
                                     </div>
-
                                 </div>
-
-
                             </div>
                         </div>
-
-                    </div>
-                </div>
+                    </div> <!-- /tab-content -->
+                </div> <!-- /container-fluid -->
             </div>
         </div>
+    </div>
+</div>
+
+<!-- Scripts: keep Thymeleaf from parsing JS literals -->
+<script th:inline="none">
+    // ---------- DataTables factory with perf-friendly defaults ----------
+    function makeTable(selector, columns, opts = {}) {
+        return $(selector).DataTable(Object.assign({
+            columns,
+            autoWidth: false,
+            deferRender: true,
+            processing: true,
+            stripeClasses: [],
+            responsive: false,   // cheaper in Firefox; enable only if you need it
+            order: [],           // no initial sort
+            pageLength: 10,
+            language: { emptyTable: '<div class="empty">No items</div>' },
+            dom: 'tip'           // table + info + pagination (lean UI)
+        }, opts));
+    }
 
-<!-- DataTables Initialization -->
-<script>
-    function reloadTerminalTATs() {
-        $.get('/api/v1/zerotrust/accesstoken/list/terminal', function (data) {
-            const $table = $('#open-terminal-table').DataTable();
-            $table.clear();
-
-            for (let s of data) {
-                let actions = '';
-                if (s.canApprove) {
-                    actions += `<button id="app_btn_${s.id}" class="btn-secondary app_btn">Approve</button>`;
-                }
-                if (s.canDeny) {
-                    actions += `<button id="den_btn_${s.id}" class="btn-secondary den_btn">Deny</button>`;
-                }
-                if (s.currentUser) {
-                    actions += `<button id="rev_btn_${s.id}" class="btn-secondary rev_btn">Revoke</button>`;
-                }
-
-                $table.row.add([
-                    s.command,
-                    s.userName,
-                    s.hostName,
-                    actions
-                ]);
-            }
-
-            $table.draw();
-            attachZtatButtonHandlers(); // re-bind the click events
-        });
+    // ---------- Tables ----------
+    let openTerminalTable, openOpsTable, approvedTerminalTable, approvedOpsTable, deniedTerminalTable, deniedOpsTable;
 
-        $.get('/api/v1/zerotrust/accesstoken/list/approved/terminal', function (data) {
-            const $table = $('#approved-terminal-table').DataTable();
-            $table.clear();
-
-            for (let s of data) {
-                let actions = '';
-                if (s.canApprove) {
-                    actions += `<button id="app_btn_${s.id}" class="btn-secondary app_btn">Approve</button>`;
-                }
-                if (s.canDeny) {
-                    actions += `<button id="den_btn_${s.id}" class="btn-secondary den_btn">Deny</button>`;
-                }
-                if (s.currentUser) {
-                    actions += `<button id="rev_btn_${s.id}" class="btn-secondary rev_btn">Revoke</button>`;
-                }
-
-                $table.row.add([
-                    s.command,
-                    s.userName,
-                    s.hostName,
-                    s.usesRemaining,
-                    actions
-                ]);
-            }
-
-            $table.draw();
-            attachZtatButtonHandlers(); // re-bind the click events
+    $(document).ready(function () {
+        // Build tables
+        openTerminalTable = makeTable('#open-terminal-table', [
+            { title: "Operation" }, { title: "User" }, { title: "System" }, { title: "Actions" }
+        ]);
+        openOpsTable = makeTable('#open-ops-table', [
+            { title: "Operation" }, { title: "User" }, { title: "Actions" }
+        ]);
+        approvedTerminalTable = makeTable('#approved-terminal-table', [
+            { title: "Operation" }, { title: "User" }, { title: "System" }, { title: "Uses Remaining" }, { title: "Actions" }
+        ]);
+        approvedOpsTable = makeTable('#approved-ops-table', [
+            { title: "Operation" }, { title: "User" }, { title: "Uses Remaining" }, { title: "Actions" }
+        ]);
+        deniedTerminalTable = makeTable('#denied-terminal-table', [
+            { title: "Operation" }, { title: "User" }, { title: "System" }, { title: "Actions" }
+        ]);
+        deniedOpsTable = makeTable('#denied-ops-table', [
+            { title: "Operation" }, { title: "User" }, { title: "Actions" }
+        ]);
+
+        // Global search across all tables
+        $('#globalSearch').on('input', function () {
+            const val = this.value || '';
+            [openTerminalTable, openOpsTable, approvedTerminalTable, approvedOpsTable, deniedTerminalTable, deniedOpsTable]
+                .forEach(dt => dt.search(val).draw(false));
         });
 
-        $.get('/api/v1/zerotrust/accesstoken/list/denied/terminal', function (data) {
-            const $table = $('#denied-terminal-table').DataTable();
-            $table.clear();
-
-            for (let s of data) {
-                let actions = '';
-                if (s.canApprove) {
-                    actions += `<button id="app_btn_${s.id}" class="btn-secondary app_btn">Approve</button>`;
-                }
-                if (s.canDeny) {
-                    actions += `<button id="den_btn_${s.id}" class="btn-secondary den_btn">Deny</button>`;
-                }
-
-                $table.row.add([
-                    s.command,
-                    s.userName,
-                    s.hostName,
-                    actions
-                ]);
-            }
-
-            $table.draw();
-            attachZtatButtonHandlers(); // re-bind the click events
-        });
-    }
+        // Manual refresh
+        $('#refreshAll').on('click', () => { reloadTerminalTATs(); reloadOpsTATs(); });
 
-    function reloadOpsTATs() {
-        $.get('/api/v1/zerotrust/accesstoken/list/ops', function (data) {
-            const $table = $('#open-ops-table').DataTable();
-            $table.clear();
-
-            for (let s of data) {
-                let actions = '';
-                if (s.canApprove) {
-                    actions += `<button id="ops_app_btn_${s.id}" class="btn-secondary ops_app_btn">Approve</button>`;
-                }
-                if (s.canDeny) {
-                    actions += `<button id="ops_den_btn_${s.id}" class="btn-secondary ops_den_btn">Deny</button>`;
-                }
-                if (s.currentUser) {
-                    actions += `<button id="ops_rev_btn_${s.id}" class="btn-secondary ops_rev_btn">Revoke</button>`;
-                }
-
-                $table.row.add([
-                    s.summary,
-                    s.userName,
-                    actions
-                ]);
-            }
-
-            $table.draw();
-            attachZtatButtonHandlers(); // re-bind the click events
-        });
-
-        $.get('/api/v1/zerotrust/accesstoken/list/approved/ops', function (data) {
-            const $table = $('#approved-ops-table').DataTable();
-            $table.clear();
-
-            for (let s of data) {
-                let actions = '';
-                if (s.canApprove) {
-                    actions += `<button id="ops_app_btn_${s.id}" class="btn-secondary ops_app_btn">Approve</button>`;
-                }
-                if (s.canDeny) {
-                    actions += `<button id="ops_den_btn_${s.id}" class="btn-secondary ops_den_btn">Deny</button>`;
-                }
-                if (s.currentUser) {
-                    actions += `<button id="ops_rev_btn_${s.id}" class="btn-secondary ops_rev_btn">Revoke</button>`;
-                }
-
-                $table.row.add([
-                    s.summary,
-                    s.userName,
-                    s.usesRemaining,
-                    actions
-                ]);
-            }
-
-            $table.draw();
-            attachZtatButtonHandlers(); // re-bind the click events
-        });
+        // Initial load
+        reloadTerminalTATs();
+        reloadOpsTATs();
+    });
 
-        $.get('/api/v1/zerotrust/accesstoken/list/denied/ops', function (data) {
-            const $table = $('#denied-ops-table').DataTable();
-            $table.clear();
-
-            for (let s of data) {
-                let actions = '';
-                if (s.canApprove) {
-                    actions += `<button id="ops_app_btn_${s.id}" class="btn-secondary ops_app_btn">Approve</button>`;
-                }
-                if (s.canDeny) {
-                    actions += `<button id="ops_den_btn_${s.id}" class="btn-secondary ops_den_btn">Deny</button>`;
-                }
-
-                $table.row.add([
-                    s.summary,
-                    s.userName,
-                    actions
-                ]);
-            }
-
-            $table.draw();
-            attachZtatButtonHandlers(); // re-bind the click events
-        });
+    // ---------- Render helpers ----------
+    function renderActions(s, prefix) {
+        // prefix '' for terminal; 'ops_' for ops
+        return [
+            s.canApprove ? `<button type="button" class="btn-modern btn-approve ${prefix}app_btn" data-id="${s.id}"><i class="fas fa-check"></i> Approve</button>` : '',
+            s.canDeny    ? `<button type="button" class="btn-modern btn-deny ${prefix}den_btn" data-id="${s.id}"><i class="fas fa-ban"></i> Deny</button>`     : '',
+            s.currentUser? `<button type="button" class="btn-modern btn-revoke ${prefix}rev_btn" data-id="${s.id}"><i class="fas fa-times"></i> Revoke</button>`: ''
+        ].filter(Boolean).join(' ');
     }
 
-
-    function attachZtatButtonHandlers() {
-        $(".app_btn").off().click(function () {
-            let id = this.id.split("_").pop();
-            $.get('/api/v1/zerotrust/accesstoken/terminal/approve?ztatId=' + id, {}, function () {
-                reloadTerminalTATs();
+    // ---------- Efficient reloads (batched rows + single draw) ----------
+    function reloadTerminalTATs() {
+        // avoid work if the whole tab is hidden
+        if (!$('#openTats').hasClass('active') && !$('#approvedTats').hasClass('active') && !$('#deniedTats').hasClass('active')) return;
+
+        // OPEN terminal (only if Open tab showing)
+        if ($('#openTats').hasClass('active')) {
+            $.get('/api/v1/zerotrust/accesstoken/list/terminal', function (data) {
+                const rows = data.map(s => [ s.command, s.userName, s.hostName, renderActions(s, '') ]);
+                const t = openTerminalTable; t.clear(); t.rows.add(rows); t.draw(false);
             });
-        });
+        }
 
-        $(".den_btn").off().click(function () {
-            let id = this.id.split("_").pop();
-            $.get('/api/v1/zerotrust/accesstoken/terminal/deny?ztatId=' + id, {}, function () {
-                reloadTerminalTATs();
+        // APPROVED terminal
+        if ($('#approvedTats').hasClass('active')) {
+            $.get('/api/v1/zerotrust/accesstoken/list/approved/terminal', function (data) {
+                const rows = data.map(s => [ s.command, s.userName, s.hostName, (s.usesRemaining ?? '—'), renderActions(s, '') ]);
+                const t = approvedTerminalTable; t.clear(); t.rows.add(rows); t.draw(false);
             });
-        });
+        }
 
-        $(".rev_btn").off().click(function () {
-            let id = this.id.split("_").pop();
-            $.get('/api/v1/zerotrust/accesstoken/terminal/revoke?ztatId=' + id, {}, function () {
-                reloadTerminalTATs();
+        // DENIED terminal
+        if ($('#deniedTats').hasClass('active')) {
+            $.get('/api/v1/zerotrust/accesstoken/list/denied/terminal', function (data) {
+                const rows = data.map(s => [ s.command, s.userName, s.hostName, renderActions(s, '') ]);
+                const t = deniedTerminalTable; t.clear(); t.rows.add(rows); t.draw(false);
             });
-        });
+        }
+    }
 
-        $(".ops_app_btn").off().click(function () {
-            let id = this.id.split("_").pop();
-            $.get('/api/v1/zerotrust/accesstoken/ops/approve?ztatId=' + id, {}, function () {
-                reloadOpsTATs();
+    function reloadOpsTATs() {
+        if (!$('#openTats').hasClass('active') && !$('#approvedTats').hasClass('active') && !$('#deniedTats').hasClass('active')) return;
+
+        // OPEN ops
+        if ($('#openTats').hasClass('active')) {
+            $.get('/api/v1/zerotrust/accesstoken/list/ops', function (data) {
+                const rows = data.map(s => [ s.summary, s.userName, renderActions(s, 'ops_') ]);
+                const t = openOpsTable; t.clear(); t.rows.add(rows); t.draw(false);
             });
-        });
+        }
 
-        $(".ops_den_btn").off().click(function () {
-            let id = this.id.split("_").pop();
-            $.get('/api/v1/zerotrust/accesstoken/ops/deny?ztatId=' + id, {}, function () {
-                reloadOpsTATs();
+        // APPROVED ops
+        if ($('#approvedTats').hasClass('active')) {
+            $.get('/api/v1/zerotrust/accesstoken/list/approved/ops', function (data) {
+                const rows = data.map(s => [ s.summary, s.userName, (s.usesRemaining ?? '—'), renderActions(s, 'ops_') ]);
+                const t = approvedOpsTable; t.clear(); t.rows.add(rows); t.draw(false);
             });
-        });
+        }
 
-        $(".ops_rev_btn").off().click(function () {
-            let id = this.id.split("_").pop();
-            $.get('/api/v1/zerotrust/accesstoken/my/ops/revoke?ztatId=' + id, {}, function () {
-                reloadOpsTATs();
+        // DENIED ops
+        if ($('#deniedTats').hasClass('active')) {
+            $.get('/api/v1/zerotrust/accesstoken/list/denied/ops', function (data) {
+                const rows = data.map(s => [ s.summary, s.userName, renderActions(s, 'ops_') ]);
+                const t = deniedOpsTable; t.clear(); t.rows.add(rows); t.draw(false);
             });
-        });
+        }
     }
 
-    let openTerminalTable, openOpsTable, approvedTerminalTable, approvedOpsTable, deniedTerminalTable, deniedOpsTable;
-
-    $(document).ready(function () {
-        openTerminalTable = $('#open-terminal-table').DataTable({
-            columns: [
-                { title: "Operation", data: 0 }, // Explicitly map column 0 to array element 0
-                { title: "User", data: 1 },      // Explicitly map column 1 to array element 1
-                { title: "System", data: 2 },
-                { title: "Actions", data: 3 }
-            ]
-        });
-
-
-        openOpsTable = $('#open-ops-table').DataTable({
-            columns: [
-                { title: "Summary", data: 0 },
-                { title: "User" ,  data: 1},
-                { title: "Actions",  data: 2 }
-            ]
-        });
-
-        approvedTerminalTable = $('#approved-terminal-table').DataTable({
-            columns: [
-                { title: "Operation", data: 0 },
-                { title: "User", data: 1 },
-                { title: "System", data: 2 },
-                { title: "Uses Remaining", data: 3 },
-                { title: "Actions", data: 4 }
-            ]
-        });
-
+    // Refresh visible tables when switching tabs (prevents hidden-tab work)
+    document.addEventListener('shown.bs.tab', function (e) {
+        const target = e.target.getAttribute('href') || '';
+        if (target.startsWith('#open') || target === '#openTats')  { reloadTerminalTATs(); reloadOpsTATs(); }
+        if (target.startsWith('#approved') || target === '#approvedTats') { reloadTerminalTATs(); reloadOpsTATs(); }
+        if (target.startsWith('#denied') || target === '#deniedTats') { reloadTerminalTATs(); reloadOpsTATs(); }
+    });
 
-        approvedOpsTable = $('#approved-ops-table').DataTable({
-            columns: [
-                { title: "Operation", data: 0 },
-                { title: "User", data: 1 },
-                { title: "Uses Remaining", data: 2 },
-                { title: "Actions", data: 3 }
-            ]
-        });
+    // Skip work while page is hidden; refresh when visible again
+    document.addEventListener('visibilitychange', () => {
+        if (!document.hidden) { reloadTerminalTATs(); reloadOpsTATs(); }
+    });
 
-        deniedTerminalTable = $('#denied-terminal-table').DataTable({
-            columns: [
-                { title: "Operation", data: 0 },
-                { title: "User", data: 1 },
-                { title: "System", data: 2 },
-                { title: "Actions", data: 3 }
-            ]
+    // ---------- Event delegation (bind once; works across redraws) ----------
+    // Delegate from the STABLE table elements (not TBODY which DT replaces)
+    $('#open-terminal-table, #approved-terminal-table, #denied-terminal-table')
+        .on('click', 'button.app_btn', function () {
+            const id = this.dataset.id;
+            $.get(`/api/v1/zerotrust/accesstoken/terminal/approve?ztatId=${id}`, {}, () => { reloadTerminalTATs(); });
+        })
+        .on('click', 'button.den_btn', function () {
+            const id = this.dataset.id;
+            $.get(`/api/v1/zerotrust/accesstoken/terminal/deny?ztatId=${id}`, {}, () => { reloadTerminalTATs(); });
+        })
+        .on('click', 'button.rev_btn', function () {
+            const id = this.dataset.id;
+            $.get(`/api/v1/zerotrust/accesstoken/terminal/revoke?ztatId=${id}`, {}, () => { reloadTerminalTATs(); });
         });
 
-        deniedOpsTable = $('#denied-ops-table').DataTable({
-            columns: [
-                { title: "Operation", data: 0 },
-                { title: "User", data: 1 },
-                { title: "Actions", data: 2 }
-            ]
+    $('#open-ops-table, #approved-ops-table, #denied-ops-table')
+        .on('click', 'button.ops_app_btn', function () {
+            const id = this.dataset.id;
+            $.get(`/api/v1/zerotrust/accesstoken/ops/approve?ztatId=${id}`, {}, () => { reloadOpsTATs(); });
+        })
+        .on('click', 'button.ops_den_btn', function () {
+            const id = this.dataset.id;
+            $.get(`/api/v1/zerotrust/accesstoken/ops/deny?ztatId=${id}`, {}, () => { reloadOpsTATs(); });
+        })
+        .on('click', 'button.ops_rev_btn', function () {
+            const id = this.dataset.id;
+            $.get(`/api/v1/zerotrust/accesstoken/my/ops/revoke?ztatId=${id}`, {}, () => { reloadOpsTATs(); });
         });
-
-
-        attachZtatButtonHandlers();
-        reloadTerminalTATs();
-        reloadOpsTATs();
-    });
 </script>
 
 </body>
diff --git a/dataplane/src/main/java/io/sentrius/sso/automation/auditing/AccessTokenAuditor.java b/dataplane/src/main/java/io/sentrius/sso/automation/auditing/AccessTokenAuditor.java
index 076bfe71..80958667 100644
--- a/dataplane/src/main/java/io/sentrius/sso/automation/auditing/AccessTokenAuditor.java
+++ b/dataplane/src/main/java/io/sentrius/sso/automation/auditing/AccessTokenAuditor.java
@@ -241,8 +241,9 @@ protected synchronized TriggerAction submit(String command) {
 
           // keep the current trigger
         } else if (ztatService.hasJITRequest(command, user, system)){
-
-            if (!ztatService.isActive(command, user, system)) {
+            var isActive = ztatService.isActive(command, user, system);
+            log.info("on message is approved {} is active ? {}", command, isActive);
+            if (!isActive) {
               ZeroTrustAccessTokenReason reason = ztatService.createReason("need ", " ticket ", " url");
               ZeroTrustAccessTokenRequest request = ztatService.createRequest(command, reason, connectedSystem.getUser(),
                   connectedSystem.getHostSystem()
@@ -250,13 +251,14 @@ protected synchronized TriggerAction submit(String command) {
               request = ztatService.addJITRequest(request);
               return TriggerAction.DENY_ACTION;
             } else {
+                log.info("on message is approved and active {}", command);
               ztatService.incrementUses(command, user, system);
               currentTrigger = Trigger.NO_ACTION;
             }
 
 
       } else {
-
+            log.info("on message is approved, but no jit request {}", command);
             currentTrigger = Trigger.NO_ACTION;
         }
 
diff --git a/dataplane/src/main/java/io/sentrius/sso/core/services/SshListenerService.java b/dataplane/src/main/java/io/sentrius/sso/core/services/SshListenerService.java
index dffdd0da..d3170d55 100644
--- a/dataplane/src/main/java/io/sentrius/sso/core/services/SshListenerService.java
+++ b/dataplane/src/main/java/io/sentrius/sso/core/services/SshListenerService.java
@@ -80,7 +80,6 @@ public void startListeningToSshServer(String terminalSessionId, DataSession sess
                     // logic for receiving data from SSH server
                     var sshData = sessionTrackingService.getOutput(connectedSystem, 1L, TimeUnit.SECONDS,
                         output -> (!connectedSystem.getSession().getClosed() && (null != activeSessions.get(terminalSessionId) && activeSessions.get(terminalSessionId).isOpen())));
-                    log.info("Received data from SSH server for session: {}", terminalSessionId);
                     // Send data to the specific terminal session
                     if (null != sshData ) {
                         for(Session.TerminalMessage terminalMessage : sshData){
diff --git a/dataplane/src/main/java/io/sentrius/sso/core/services/security/ZeroTrustAccessTokenService.java b/dataplane/src/main/java/io/sentrius/sso/core/services/security/ZeroTrustAccessTokenService.java
index aeb7d19f..73a3ac1e 100644
--- a/dataplane/src/main/java/io/sentrius/sso/core/services/security/ZeroTrustAccessTokenService.java
+++ b/dataplane/src/main/java/io/sentrius/sso/core/services/security/ZeroTrustAccessTokenService.java
@@ -202,6 +202,11 @@ public boolean isActive(
         var lastUpdated = null != status.get().getZtatRequest().getLastUpdated() ?
         status.get().getZtatRequest().getLastUpdated().getTime() : System.currentTimeMillis();
         var currentTime = System.currentTimeMillis();
+        log.info("JIT request last updated: " + lastUpdated);
+        log.info("JIT request current time: " + currentTime);
+        log.info("JIT request max duration: " + systemOptions.getMaxJitDurationMs());
+        log.info("JIT request uses: " + status.get().getUses());
+        log.info("JIT request max uses: " + systemOptions.getMaxJitUses());
         if (systemOptions.getMaxJitUses() > 0
             && status.get().getUses() >= systemOptions.getMaxJitUses()) {
           log.info("JIT request has reached max uses: " + request.getId());
@@ -212,6 +217,8 @@ public boolean isActive(
         } else {
           return true;
         }
+      } else {
+          log.info("JIT request not found: " + command);
       }
     }
     log.info("JIT request not found: " + command);
diff --git a/dataplane/src/main/java/io/sentrius/sso/core/services/security/ZeroTrustRequestService.java b/dataplane/src/main/java/io/sentrius/sso/core/services/security/ZeroTrustRequestService.java
index 47a6f0f7..884b25ac 100644
--- a/dataplane/src/main/java/io/sentrius/sso/core/services/security/ZeroTrustRequestService.java
+++ b/dataplane/src/main/java/io/sentrius/sso/core/services/security/ZeroTrustRequestService.java
@@ -198,11 +198,11 @@ public Optional<OpsApproval> getOpsTokenStatus(String token ) {
 
     public Optional<ZeroTrustAccessTokenApproval> getAccessTokenStatus(ZeroTrustAccessTokenRequest request) {
         var approvals = request.getApprovals();
+        log.info("Approvals for request {}: {}", request.getId(), approvals.size());
         if (!approvals.isEmpty()) {
             return Optional.of(approvals.get(0));
         }
-        // Implement logic to retrieve the JIT status (if applicable).
-        // Example: Retrieve from a specific table or calculate based on data.
+
         return Optional.empty(); // Placeholder for actual implementation.
     }
 
@@ -248,10 +248,13 @@ public void incrementAccessTokenUses(ZeroTrustAccessTokenRequest request) {
                 if (approval.getUses() >= systemOptions.maxJitUses) {
                     throw new RuntimeException("JIT uses exceeded");
                 }
-                ;
+
                 ztatUseRepository.save(ZtatUse.builder().ztatApproval(approval).user(request.getUser()).build());
                 log.info("Incrementing uses for JITRequest: {}", request.getId());
                 ztatApprovalRepository.save(approval);
+
+                approval.setUses(approval.getUses() + 1);
+                ztatApprovalRepository.save(approval);
             });
         }
     }