diff --git a/src/Controller/AuthKeysController.php b/src/Controller/AuthKeysController.php
index 37aa356..7bca8d5 100644
--- a/src/Controller/AuthKeysController.php
+++ b/src/Controller/AuthKeysController.php
@@ -90,6 +90,9 @@ class AuthKeysController extends AppController
                 if (!in_array($data['user_id'], array_keys($users))) {
                     throw new MethodNotAllowedException(__('You are not authorised to do that.'));
                 }
+                if (empty($data['expiration'])) {
+                    $data['expiration'] = 0;
+                }
                 return $data;
             }
         ]);
diff --git a/src/Model/Table/AuthKeysTable.php b/src/Model/Table/AuthKeysTable.php
index f20299e..b7968b0 100644
--- a/src/Model/Table/AuthKeysTable.php
+++ b/src/Model/Table/AuthKeysTable.php
@@ -29,7 +29,7 @@ class AuthKeysTable extends AppTable
     public function beforeMarshal(EventInterface $event, ArrayObject $data, ArrayObject $options)
     {
         $data['created'] = time();
-        if (!isset($data['expiration'])) {
+        if (!isset($data['expiration']) || empty($data['expiration'])) {
             $data['expiration'] = 0;
         } else {
             $data['expiration'] = strtotime($data['expiration']);
diff --git a/src/Model/Table/IndividualsTable.php b/src/Model/Table/IndividualsTable.php
index 6e85a3b..8940618 100644
--- a/src/Model/Table/IndividualsTable.php
+++ b/src/Model/Table/IndividualsTable.php
@@ -125,17 +125,29 @@ class IndividualsTable extends AppTable
 
     public function getValidIndividualsToEdit(object $currentUser): array
     {
-        $validRoles = $this->Users->Roles->find('list')->select(['id'])->where(['perm_admin' => 0, 'perm_org_admin' => 0])->all()->toArray();
-        $validIndividualIds = $this->Users->find()->select(['individual_id'])->where(
-            [
-                'organisation_id' => $currentUser['organisation_id'],
-                'disabled' => 0,
-                'OR' => [
-                    ['role_id IN' => array_keys($validRoles)],
-                    ['id' => $currentUser['id']],
-                ]
-            ]
-        )->all()->extract('individual_id')->toArray();
+        $isSiteAdmin = $currentUser['role']['perm_admin'];
+        $isGroupAdmin = $currentUser['role']['perm_group_admin'];
+        $validRoles = $this->Users->Roles->find('list')->select(['id']);
+        if (!$isSiteAdmin) {
+            $validRoles->where(['perm_admin' => 0]);
+        }
+        $validRoles = $validRoles->all()->toArray();
+        $conditions = [
+            'disabled' => 0
+        ];
+        if (!$isSiteAdmin) {
+            $conditions['OR'] = [
+                ['role_id IN' => array_keys($validRoles)],
+                ['id' => $currentUser['id']]
+            ];
+            if ($isGroupAdmin) {
+                $OrgGroups = \Cake\ORM\TableRegistry::getTableLocator()->get('OrgGroups');
+                $conditions['organisation_id IN'] = $OrgGroups->getGroupOrgIdsForUser($currentUser);
+            } else {
+                $conditions['organisation_id'] = $currentUser['organisation_id'];
+            }
+        }
+        $validIndividualIds = $this->Users->find()->select(['individual_id'])->where($conditions)->all()->extract('individual_id')->toArray();
         return $validIndividualIds;
     }
 
diff --git a/templates/AuthKeys/add.php b/templates/AuthKeys/add.php
index 4c829ec..5235c32 100644
--- a/templates/AuthKeys/add.php
+++ b/templates/AuthKeys/add.php
@@ -16,6 +16,7 @@ echo $this->element('genericElements/Form/genericForm', [
                 'field' => 'expiration',
                 'label' => __('Expiration'),
                 'type' => 'datetime',
+                'required' => false
             ]
         ],
         'submit' => [
diff --git a/templates/Individuals/view.php b/templates/Individuals/view.php
index 423c7e6..ed7ce00 100644
--- a/templates/Individuals/view.php
+++ b/templates/Individuals/view.php
@@ -40,6 +40,12 @@ echo $this->element(
                 'scope' => 'individuals'
             ]
         ],
-        'children' => []
+        'children' => [
+            [
+                'url' => '/EncryptionKeys/index?owner_id={{0}}&owner_model=individual',
+                'url_params' => ['id'],
+                'title' => __('Encryption keys')
+            ]
+        ]
     ]
 );
diff --git a/templates/Instance/home.php b/templates/Instance/home.php
index f3c6604..814e294 100644
--- a/templates/Instance/home.php
+++ b/templates/Instance/home.php
@@ -1,6 +1,7 @@
 <?php
 
 use Cake\ORM\TableRegistry;
+use Cake\Routing\Router;
 
 $bookmarks = !empty($loggedUser->user_settings_by_name['ui.bookmarks']['value']) ? json_decode($loggedUser->user_settings_by_name['ui.bookmarks']['value'], true) : [];
 $this->userSettingsTable = TableRegistry::getTableLocator()->get('UserSettings');
@@ -49,9 +50,10 @@ $this->userSettingsTable = TableRegistry::getTableLocator()->get('UserSettings')
             $modelForDisplay = $exploded[count($exploded) - 1];
             $panelTitle = $this->Html->link(
                 h($modelForDisplay),
-                $this->Url->build([
+                Router::url([
                     'controller' => $modelForDisplay,
                     'action' => 'index',
+                    '?' => ['sort' => 'modified', 'direction' => 'desc']
                 ]),
                 ['class' => 'text-white text-decoration-none fw-light stretched-link']
             );
diff --git a/templates/Organisations/view.php b/templates/Organisations/view.php
index a27339b..218003d 100644
--- a/templates/Organisations/view.php
+++ b/templates/Organisations/view.php
@@ -63,6 +63,12 @@ echo $this->element(
         'data' => $entity,
         'fields' => $fields,
         'combinedFieldsView' => false,
-        'children' => []
+        'children' => [
+            [
+                'url' => '/EncryptionKeys/index?owner_id={{0}}&owner_model=organisation',
+                'url_params' => ['id'],
+                'title' => __('Encryption keys')
+            ]
+        ]
     ]
 );