diff --git a/controllers/user.go b/controllers/user.go
index b5e9ed0a..2a7717ee 100644
--- a/controllers/user.go
+++ b/controllers/user.go
@@ -1,9 +1,11 @@
 package controller
 
 import (
+	"context"
 	"encoding/json"
 	"errors"
 	"fmt"
+	"github.com/gravitl/netmaker/db"
 	"net/http"
 	"reflect"
 	"time"
@@ -584,6 +586,18 @@ func getUsers(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	for i, user := range users {
+		// only setting num_access_tokens here, because only UI needs it.
+		user.NumAccessTokens, err = (&schema.UserAccessToken{
+			UserName: user.UserName,
+		}).CountByUser(db.WithContext(context.TODO()))
+		if err != nil {
+			continue
+		}
+
+		users[i] = user
+	}
+
 	logic.SortUsers(users[:])
 	logger.Log(2, r.Header.Get("user"), "fetched users")
 	json.NewEncoder(w).Encode(users)
diff --git a/logic/auth.go b/logic/auth.go
index 9e3f45dd..a5fdbfd7 100644
--- a/logic/auth.go
+++ b/logic/auth.go
@@ -106,6 +106,7 @@ func GetUsers() ([]models.ReturnUser, error) {
 		if err != nil {
 			continue // get users
 		}
+
 		users = append(users, user)
 	}
 
diff --git a/models/user_mgmt.go b/models/user_mgmt.go
index 2a09b13a..8f80af4f 100644
--- a/models/user_mgmt.go
+++ b/models/user_mgmt.go
@@ -190,6 +190,7 @@ type ReturnUser struct {
 	PlatformRoleID             UserRoleID                            `json:"platform_role_id"`
 	NetworkRoles               map[NetworkID]map[UserRoleID]struct{} `json:"network_roles"`
 	LastLoginTime              time.Time                             `json:"last_login_time"`
+	NumAccessTokens            int                                   `json:"num_access_tokens"`
 }
 
 // UserAuthParams - user auth params struct
diff --git a/schema/user_access_token.go b/schema/user_access_token.go
index 45182b2b..1760c4d9 100644
--- a/schema/user_access_token.go
+++ b/schema/user_access_token.go
@@ -43,6 +43,15 @@ func (a *UserAccessToken) ListByUser(ctx context.Context) (ats []UserAccessToken
 	return
 }
 
+func (a *UserAccessToken) CountByUser(ctx context.Context) (int, error) {
+	var count int64
+	err := db.FromContext(ctx).Model(&UserAccessToken{}).
+		Where("user_name = ?", a.UserName).
+		Count(&count).
+		Error
+	return int(count), err
+}
+
 func (a *UserAccessToken) Delete(ctx context.Context) error {
 	return db.FromContext(ctx).Model(&UserAccessToken{}).Where("id = ?", a.ID).Delete(&a).Error
 }