diff --git a/client/src/components/redesign/ApiKeys.jsx b/client/src/components/redesign/ApiKeys.jsx
index f4b8574f7..9d0607606 100644
--- a/client/src/components/redesign/ApiKeys.jsx
+++ b/client/src/components/redesign/ApiKeys.jsx
@@ -164,11 +164,6 @@ class ApiKeys extends React.Component {
                 header: I18n.t("models.userTokens.createdAt"),
                 mapper: apiKey => dateFromEpoch(apiKey.created_at)
             },
-            {
-                key: "created_at",
-                header: I18n.t("models.userTokens.createdAt"),
-                mapper: apiKey => dateFromEpoch(apiKey.created_at)
-            },
             {
                 nonSortable: true,
                 key: "trash",
diff --git a/client/src/locale/en.js b/client/src/locale/en.js
index 11d660a13..1bb9aaa74 100644
--- a/client/src/locale/en.js
+++ b/client/src/locale/en.js
@@ -1379,7 +1379,7 @@ const en = {
         },
     },
     apiKeys: {
-        title: "Create an organisation API token for {{organisation}}",
+        title: "Create an organisation API token for {{organisation}}",
         info: "An organisation API token is required to use the <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"{{base_url}}/apidocs/\"'>Application Programmer Interface (API)</a>.",
         backToOrganisationDetail: "Back to my organisation {{name}}",
         secretDisclaimer: "You can view this organisation API token only once. Copy it and store it somewhere safe.<br><br>If the token is lost, delete it and create a new one.",
diff --git a/server/api/pam_websso.py b/server/api/pam_websso.py
index d018359f3..b0a1e55f0 100644
--- a/server/api/pam_websso.py
+++ b/server/api/pam_websso.py
@@ -1,10 +1,9 @@
 import io
-import json
 import random
 import string
 import uuid
 from datetime import datetime, timedelta
-from collections import OrderedDict
+
 import qrcode
 from flasgger import swag_from
 from flask import Blueprint, request as current_request, current_app, session
@@ -16,7 +15,7 @@
 from server.auth.tokens import validate_service_token
 from server.db.db import db
 from server.db.defaults import PAM_WEB_LOGIN, SERVICE_TOKEN_PAM
-from server.db.domain import User, PamSSOSession
+from server.db.domain import User, PamSSOSession, Service, CollaborationMembership
 from server.db.models import log_user_login, flatten
 from server.logger.context_logger import ctx_logger
 
@@ -48,9 +47,12 @@ def _validate_pam_sso_session(pam_sso_session: PamSSOSession, pin, validate_pin,
     if validate_pin and pam_sso_session.pin != pin:
         return {"result": "FAIL", "info": "Incorrect pin"}
 
-    groups = {m.collaboration.short_name: m.collaboration.name for m in user.collaboration_memberships if
-              service in m.collaboration.services or service in m.collaboration.organisation.services}
-    sorted_groups = OrderedDict(sorted(groups.items(), key=lambda x: x[1].casefold(), reverse=False))
+    def include_service(s: Service, m: CollaborationMembership):
+        return s in m.collaboration.services or s in m.collaboration.organisation.services
+
+    groups = [{"short_name": m.collaboration.short_name, "name": m.collaboration.name} for m in
+              user.collaboration_memberships if include_service(service, m)]
+    sorted_groups = sorted(groups, key=lambda group: group["name"].lower())
     return {"result": "SUCCESS",
             "username": user.username,
             "groups": sorted_groups,
@@ -191,9 +193,8 @@ def check_pin():
     log_user_login(PAM_WEB_LOGIN, success, user, user.uid, service, service.entity_id, status=validation["result"])
 
     logger.debug(f"PamWebSSO check-pin for service {service.name} for user {user.uid} with result {validation}")
-    # We need to preserve the ordering of the groups dict, soo we dump the validation here
-    json_res = json.dumps(validation)
-    return json_res, 201
+
+    return validation, 201
 
 
 @pam_websso_api.route("/ssh_keys", methods=["GET"], strict_slashes=False)
diff --git a/server/test/abstract_test.py b/server/test/abstract_test.py
index 79bf3dbfd..e1d6c7254 100644
--- a/server/test/abstract_test.py
+++ b/server/test/abstract_test.py
@@ -129,20 +129,19 @@ def get(self, url, query_data={}, response_status_code=200, with_basic_auth=True
                 self.assertEqual(response.headers.get(key), value)
             return response if response_status_code == 302 else response.json if hasattr(response, "json") else None
 
-    def post(self, url, body={}, headers={}, response_status_code=201, with_basic_auth=True, result_to_json=False):
-        return self._do_call(body, self.client.post, headers, response_status_code, url, with_basic_auth,
-                             result_to_json)
+    def post(self, url, body={}, headers={}, response_status_code=201, with_basic_auth=True):
+        return self._do_call(body, self.client.post, headers, response_status_code, url, with_basic_auth)
 
-    def put(self, url, body={}, headers={}, response_status_code=201, with_basic_auth=True, result_to_json=False):
-        return self._do_call(body, self.client.put, headers, response_status_code, url, with_basic_auth, result_to_json)
+    def put(self, url, body={}, headers={}, response_status_code=201, with_basic_auth=True):
+        return self._do_call(body, self.client.put, headers, response_status_code, url, with_basic_auth)
 
-    def _do_call(self, body, call, headers, response_status_code, url, with_basic_auth, result_to_json):
+    def _do_call(self, body, call, headers, response_status_code, url, with_basic_auth):
         with requests.Session():
             response = call(url, headers={**BASIC_AUTH_HEADER, **headers} if with_basic_auth else headers,
                             data=json.dumps(body),
                             content_type="application/json")
             self.assertEqual(response_status_code, response.status_code, msg=str(response.json))
-            return json.loads(response.json) if result_to_json else response.json
+            return response.json
 
     def delete(self, url, primary_key=None, with_basic_auth=True, response_status_code=204, headers={}):
         primary_key_part = f"/{primary_key}" if primary_key else ""
diff --git a/server/test/api/test_pam_websso.py b/server/test/api/test_pam_websso.py
index e6d444233..d05fb4319 100644
--- a/server/test/api/test_pam_websso.py
+++ b/server/test/api/test_pam_websso.py
@@ -142,8 +142,7 @@ def test_check_pin_success(self):
                         body={"session_id": pam_session_id,
                               "pin": "1234"},
                         with_basic_auth=False,
-                        headers={"Authorization": f"bearer {service_storage_token}"},
-                        result_to_json=True)
+                        headers={"Authorization": f"bearer {service_storage_token}"})
         self.assertEqual("SUCCESS", res["result"])
         self.assertEqual("peter", res["username"])
         self.assertEqual(1, len(res["groups"]))
@@ -164,8 +163,7 @@ def test_check_pin_wrong_pin(self):
                         body={"session_id": pam_session_id,
                               "pin": "nope"},
                         with_basic_auth=False,
-                        headers={"Authorization": f"bearer {service_storage_token}"},
-                        result_to_json=True)
+                        headers={"Authorization": f"bearer {service_storage_token}"})
         self.assertEqual("FAIL", res["result"])
 
     def test_check_pin_time_out(self):
@@ -205,7 +203,6 @@ def test_anonymous_pam_websso_login_flow(self):
                         body={"session_id": pam_session_id,
                               "pin": pin},
                         with_basic_auth=False,
-                        headers={"Authorization": f"bearer {service_storage_token}"},
-                        result_to_json=True)
+                        headers={"Authorization": f"bearer {service_storage_token}"})
         self.assertEqual("SUCCESS", res["result"])
         self.assertEqual("peter", res["username"])