diff --git a/.secrets.baseline b/.secrets.baseline
index 9e2b54d15..512c2a5e7 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -356,14 +356,14 @@
         "filename": "driven/storage/migrations.go",
         "hashed_secret": "d6cc178164ab53e06efb13b1c4cab6456c3e3a13",
         "is_verified": false,
-        "line_number": 757
+        "line_number": 845
       },
       {
         "type": "Secret Keyword",
         "filename": "driven/storage/migrations.go",
         "hashed_secret": "f8858fa361e5ab245f0c57b4adbae545d1883a9e",
         "is_verified": false,
-        "line_number": 762
+        "line_number": 850
       }
     ],
     "driver/web/apis_system.go": [
@@ -446,5 +446,5 @@
       }
     ]
   },
-  "generated_at": "2024-03-05T23:31:55Z"
+  "generated_at": "2024-03-06T17:28:50Z"
 }
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 50fd9cc46..e91ab0b74 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -16,6 +16,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Changed
 - Decouple authentication and verification mechanisms [#665](https://github.com/rokwire/core-building-block/issues/665)
 - Refactor account auth types [#674](https://github.com/rokwire/core-building-block/issues/674)
+- Improve request context logging
 
 ## [1.38.1] - 2024-03-05
 ### Fixed
diff --git a/driven/storage/migrations.go b/driven/storage/migrations.go
index 4d57690e5..4a057973f 100644
--- a/driven/storage/migrations.go
+++ b/driven/storage/migrations.go
@@ -439,10 +439,11 @@ func (sa *Adapter) migrateAccounts(context TransactionContext, batch int, orgID
 				}
 			}
 			if !foundUsername {
-				identifiers = append(identifiers, accountIdentifier{ID: uuid.NewString(), Code: "username", Identifier: *acct.Username, Verified: true, DateCreated: now})
+				identifiers = append(identifiers, accountIdentifier{ID: uuid.NewString(), Code: "username", Identifier: strings.TrimSpace(strings.ToLower(*acct.Username)), Verified: true, DateCreated: now})
 			}
 		}
 
+		migrated.OrgAppsMemberships = sa.mergeDuplicateAppMemberships(migrated) // merge multiple orgAppMemberships with the same app_org_id if any are found
 		migrated.AuthTypes = authTypes
 		migrated.Identifiers = identifiers
 		migrated.ExternalIDs = nil
@@ -467,6 +468,93 @@ func (sa *Adapter) migrateAccounts(context TransactionContext, batch int, orgID
 	return &numAccounts, nil
 }
 
+func (sa *Adapter) mergeDuplicateAppMemberships(account tenantAccount) []orgAppMembership {
+	appMembershipIDs := make(map[string]int)
+	appMemberships := make([]orgAppMembership, 0)
+	for _, appMembership := range account.OrgAppsMemberships {
+		if _, foundID := appMembershipIDs[appMembership.AppOrgID]; !foundID {
+			appMembershipIDs[appMembership.AppOrgID] = len(appMemberships) // appMembershipIDs map value gives the index in updatedMemberships where all memberships with this app_org_id should be merged
+			appMemberships = append(appMemberships, appMembership)
+		} else {
+			index := appMembershipIDs[appMembership.AppOrgID]
+			// merge permissions
+			for _, permission := range appMembership.Permissions {
+				permissionExists := false
+				for _, existingPermission := range appMemberships[index].Permissions {
+					if existingPermission.ID == permission.ID {
+						permissionExists = true
+						break
+					}
+				}
+
+				if !permissionExists {
+					if appMemberships[index].Permissions == nil {
+						appMemberships[index].Permissions = make([]model.Permission, 0)
+					}
+					appMemberships[index].Permissions = append(appMemberships[index].Permissions, permission)
+				}
+			}
+			// merge roles
+			for _, role := range appMembership.Roles {
+				roleExists := false
+				for _, existingRole := range appMemberships[index].Roles {
+					if existingRole.Role.ID == role.Role.ID {
+						roleExists = true
+						break
+					}
+				}
+
+				if !roleExists {
+					if appMemberships[index].Roles == nil {
+						appMemberships[index].Roles = make([]accountRole, 0)
+					}
+					appMemberships[index].Roles = append(appMemberships[index].Roles, role)
+				}
+			}
+			// merge groups
+			for _, group := range appMembership.Groups {
+				groupExists := false
+				for _, existingGroup := range appMemberships[index].Groups {
+					if existingGroup.Group.ID == group.Group.ID {
+						groupExists = true
+						break
+					}
+				}
+
+				if !groupExists {
+					if appMemberships[index].Groups == nil {
+						appMemberships[index].Groups = make([]accountGroup, 0)
+					}
+					appMemberships[index].Groups = append(appMemberships[index].Groups, group)
+				}
+			}
+
+			// merge preferences
+			for k, v := range appMembership.Preferences {
+				if _, foundKey := appMemberships[index].Preferences[k]; !foundKey {
+					appMemberships[index].Preferences[k] = v
+				}
+			}
+			// tenant accounts existing before this migration have no stored secrets (nothing to merge)
+
+			// use the newer of the two most recent client versions
+			if appMemberships[index].MostRecentClientVersion == nil {
+				appMemberships[index].MostRecentClientVersion = appMembership.MostRecentClientVersion
+			} else if appMembership.MostRecentClientVersion != nil {
+				existingClientVersionNumbers := model.VersionNumbersFromString(*appMemberships[index].MostRecentClientVersion)
+				clientVersionNumbers := model.VersionNumbersFromString(*appMembership.MostRecentClientVersion)
+
+				if clientVersionNumbers != nil && !clientVersionNumbers.LessThanOrEqualTo(existingClientVersionNumbers) {
+					versionString := clientVersionNumbers.String()
+					appMemberships[index].MostRecentClientVersion = &versionString
+				}
+			}
+		}
+	}
+
+	return appMemberships
+}
+
 func (sa *Adapter) migrateLoginSessions(context TransactionContext, removedAuthTypes map[string]model.AuthType) error {
 	// remove the following fields from all login sessions
 	update := bson.D{primitive.E{Key: "$unset", Value: bson.D{