diff --git a/.github/workflows/keyfactor-bootstrap-workflow.yml b/.github/workflows/keyfactor-release-workflow.yml similarity index 78% rename from .github/workflows/keyfactor-bootstrap-workflow.yml rename to .github/workflows/keyfactor-release-workflow.yml index 6d8de53..3071ff4 100644 --- a/.github/workflows/keyfactor-bootstrap-workflow.yml +++ b/.github/workflows/keyfactor-release-workflow.yml @@ -1,4 +1,4 @@ -name: Keyfactor Bootstrap Workflow +name: Keyfactor Release Workflow on: workflow_dispatch: @@ -11,9 +11,10 @@ on: jobs: call-starter-workflow: - uses: keyfactor/actions/.github/workflows/starter.yml@v2 + uses: keyfactor/actions/.github/workflows/starter.yml@v3 secrets: token: ${{ secrets.V2BUILDTOKEN}} APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}} gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }} gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }} + \ No newline at end of file diff --git a/README.md b/README.md index e737332..05d8b44 100644 --- a/README.md +++ b/README.md @@ -1,277 +1,176 @@ +

+ F5 WAF Universal Orchestrator Extension +

+ +

+ +Integration Status: production +Release +Issues +GitHub Downloads (all assets, all releases) +

-# F5 WAF - -The F5 WAF Orchestrator is an extension to the Keyfactor Universal Orchestrator. It Integrates with Multi-Cloud App Connect, which is F5 Distributed Cloud's service for connecting apps across clouds and within on premise installationss using load balancers. The purpose of the F5 WAF orchestrator is to manage the TLS and CA Root certificates. The TLS certificates may be bound to load balancers. The orchestrator facilitates the inventory, addition, renewal, and removal of these certificates as well as the discovery of namespaces (certificate stores) within the F5 Multi-Cloud App Connect instance. - -#### Integration status: Production - Ready for use in production environments. - -## About the Keyfactor Universal Orchestrator Extension - -This repository contains a Universal Orchestrator Extension which is a plugin to the Keyfactor Universal Orchestrator. Within the Keyfactor Platform, Orchestrators are used to manage “certificate stores” — collections of certificates and roots of trust that are found within and used by various applications. - -The Universal Orchestrator is part of the Keyfactor software distribution and is available via the Keyfactor customer portal. For general instructions on installing Extensions, see the “Keyfactor Command Orchestrator Installation and Configuration Guide” section of the Keyfactor documentation. For configuration details of this specific Extension see below in this readme. - -The Universal Orchestrator is the successor to the Windows Orchestrator. This Orchestrator Extension plugin only works with the Universal Orchestrator and does not work with the Windows Orchestrator. - -## Support for F5 WAF - -F5 WAF is supported by Keyfactor for Keyfactor customers. If you have a support issue, please open a support ticket via the Keyfactor Support Portal at https://support.keyfactor.com - -###### To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. 
If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab. - ---- - - ---- - - - -## Keyfactor Version Supported - -The minimum version of the Keyfactor Universal Orchestrator Framework needed to run this version of the extension is 10.4.1 -## Platform Specific Notes - -The Keyfactor Universal Orchestrator may be installed on either Windows or Linux based platforms. The certificate operations supported by a capability may vary based what platform the capability is installed on. The table below indicates what capabilities are supported based on which platform the encompassing Universal Orchestrator is running. -| Operation | Win | Linux | -|-----|-----|------| -|Supports Management Add|✓ |✓ | -|Supports Management Remove|✓ |✓ | -|Supports Create Store| | | -|Supports Discovery|✓ |✓ | -|Supports Reenrollment| | | -|Supports Inventory|✓ |✓ | +

+ + + Support + + · + + Installation + + · + + License + + · + + Related Integrations + +

-## PAM Integration +## Overview -This orchestrator extension has the ability to connect to a variety of supported PAM providers to allow for the retrieval of various client hosted secrets right from the orchestrator server itself. This eliminates the need to set up the PAM integration on Keyfactor Command which may be in an environment that the client does not want to have access to their PAM provider. +The F5 WAF Universal Orchestrator extension remotely manages TLS and CA Root certificates uploaded to F5 Distributed Multi-Cloud App Connect, which is the F5 platform that manages WAF services. Certificates bound to HTTP Load Balancers within Multi-Cloud App Connect can be renewed or replaced, but they cannot be removed. -The secrets that this orchestrator extension supports for use with a PAM Provider are: +The extension uses two primary certificate store types: `f5WafTls` and `f5WafCa`. These store types are used to manage stores containing TLS and CA Root certificates, respectively. The `f5WafTls` certificate store type is focused on managing TLS certificates, which are used to enable secure communication over networks. Use cases for `f5WafTls` include discovery of TLS stores, inventorying all TLS certificates within a namespace, adding or renewing certificates, and removing unbound certificates. -|Name|Description| -|----|-----------| -|ServerUsername|The user id that will be used to authenticate to the F5 WAF API endpoints| -|ServerPassword|The API token that will be used to authenticate to the F5 WAF API endpoints| - +On the other hand, the `f5WafCa` store type is used for managing CA Root certificates, which are essential for establishing a chain of trust between different entities. The use cases for `f5WafCa` are similar to those of `f5WafTls`, including discovery, inventory, and management of certificates. 
However, it is important to note that deleting a CA Root certificate replaces all instances of the same certificate within the namespace, due to an F5 WAF feature. -It is not necessary to use a PAM Provider for all of the secrets available above. If a PAM Provider should not be used, simply enter in the actual value to be used, as normal. +Overall, this extension simplifies the management of certificates within the F5 Distributed Multi-Cloud App Connect platform, providing seamless integration with Keyfactor Command. -If a PAM Provider will be used for one of the fields above, start by referencing the [Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam). The GitHub repo for the PAM Provider to be used contains important information such as the format of the `json` needed. What follows is an example but does not reflect the `json` values for all PAM Providers as they have different "instance" and "initialization" parameter names and values. +## Compatibility -
General PAM Provider Configuration -

+This integration is compatible with Keyfactor Universal Orchestrator version 10.4.1 and later. +## Support +The F5 WAF Universal Orchestrator extension is supported by Keyfactor for Keyfactor customers. If you have a support issue, please open a support ticket with your Keyfactor representative. If you have a support issue, please open a support ticket via the Keyfactor Support Portal at https://support.keyfactor.com. + +> To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab. +## Installation +Before installing the F5 WAF Universal Orchestrator extension, it's recommended to install [kfutil](https://github.com/Keyfactor/kfutil). Kfutil is a command-line tool that simplifies the process of creating store types, installing extensions, and instantiating certificate stores in Keyfactor Command. -### Example PAM Provider Setup +The F5 WAF Universal Orchestrator extension implements 2 Certificate Store Types. Depending on your use case, you may elect to install one, or all of these Certificate Store Types. An overview for each type is linked below: +* [F5 WAF TLS](docs/f5waftls.md) +* [F5 WAF CA](docs/f5wafca.md) -To use a PAM Provider to resolve a field, in this example the __Server Password__ will be resolved by the `Hashicorp-Vault` provider, first install the PAM Provider extension from the [Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam) on the Universal Orchestrator. +

F5 WAF TLS -Next, complete configuration of the PAM Provider on the UO by editing the `manifest.json` of the __PAM Provider__ (e.g. located at extensions/Hashicorp-Vault/manifest.json). The "initialization" parameters need to be entered here: -~~~ json - "Keyfactor:PAMProviders:Hashicorp-Vault:InitializationInfo": { - "Host": "http://127.0.0.1:8200", - "Path": "v1/secret/data", - "Token": "xxxxxx" - } -~~~ +1. Follow the [requirements section](docs/f5waftls.md#requirements) to configure a Service Account and grant necessary API permissions. -After these values are entered, the Orchestrator needs to be restarted to pick up the configuration. Now the PAM Provider can be used on other Orchestrator Extensions. +
Requirements -### Use the PAM Provider -With the PAM Provider configured as an extenion on the UO, a `json` object can be passed instead of an actual value to resolve the field with a PAM Provider. Consult the [Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam) for the specific format of the `json` object. + ### Creating an F5 WAF API Token -To have the __Server Password__ field resolved by the `Hashicorp-Vault` provider, the corresponding `json` object from the `Hashicorp-Vault` extension needs to be copied and filed in with the correct information: + In lieu of providing a server password when setting up an F5 WAF certificate store, F5 Multi-Cloud App Connect uses API tokens combined with the user id to authenticate when calling APIs. API Tokens can be created through the F5 Distributed Cloud Console after logging in with the ID you wish to use for the Keyfactor certificate store. Once logged in, select Multi-Cloud App Connect from the options under "Common services". Next, select Account Services from the pull down at the top right of the screen, and select "Account Settings". From there, click on "Credentials" on the left nav and "Add Credentials" on the subsequent screen. In the form shown, select "API Token" from the Credential Type dropdown, and enter the name of the credential and the expiration date. Please note that credentials can only be created for up to 90 day periods of time. After 90 days, a new API token will need to be generated and replaced in your F5 WAF certificate store(s). Clicking Generate will then show the value of the newly created API Token. Copy this and save to a safe place, as this will be the value you will enter in the Server Password field when setting up your certificate store. If you forget or lose this token value, there is no way to access it again in the F5 Distributed Cloud portal. You will need to create a new API Token. 
-~~~ json -{"Secret":"my-kv-secret","Key":"myServerPassword"} -~~~ + ![](Images/image1.gif) + ![](Images/image2.gif) + ![](Images/image3.gif) + ![](Images/image4.gif) + ![](Images/image5.gif) + ![](Images/image6.gif) -This text would be entered in as the value for the __Server Password__, instead of entering in the actual password. The Orchestrator will attempt to use the PAM Provider to retrieve the __Server Password__. If PAM should not be used, just directly enter in the value for the field. -

-
+
+2. Create Certificate Store Types for the F5 WAF Orchestrator extension. ---- + * **Using kfutil**: + ```shell + # F5 WAF TLS + kfutil store-types create f5WafTls + ``` -## Overview -The F5 WAF Orchestrator extension remotely manages TLS and CA Root certificates uploaded to F5 Distributed Multi-Cloud App Connect, which is the F5 platform that manages WAF services. Certificates bound to Http Load Balancers within Multi-Cloud App Connect can be renewed/replaced, but they cannot be removed. Certificate store types f5WafTls and f5WafCa are used to manage stores containing TLS and CA Root certificates, respectively. + * **Manually**: + * [F5 WAF TLS](docs/f5waftls.md#certificate-store-type-configuration) -
-f5WafTls +3. Install the F5 WAF Universal Orchestrator extension. + + * **Using kfutil**: On the server that that hosts the Universal Orchestrator, run the following command: -The f5WafTls certificate store type is used to manage F5 Distributed Multi-Cloud App Connect TLS certificates. + ```shell + # Windows Server + kfutil orchestrator extension -e f5-waf-orchestrator@latest --out "C:\Program Files\Keyfactor\Keyfactor Orchestrator\extensions" -Use cases supported: -1. Discovery of TLS stores. Discovery for F5 WAF returns any discoverable namespaces in the F5 WAF instance. -2. Inventory of a TLS store. All TLS certificates, bound or unbound, within a namespace will be returned to Keyfactor Command. -3. Management-Add. Add a new certificate or renew an existing one. Renew will work for both bound and unbound certificates. All existing binding will remain in place, bound to the same alias with the newly replaced/renewed certificate. -4. Management-Delete. Remove an existing certificate. Will only work for unbound certificates. + # Linux + kfutil orchestrator extension -e f5-waf-orchestrator@latest --out "/opt/keyfactor/orchestrator/extensions" + ``` -
+ * **Manually**: Follow the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/InstallingAgents/NetCoreOrchestrator/CustomExtensions.htm?Highlight=extensions) to install the latest [F5 WAF Universal Orchestrator extension](https://github.com/Keyfactor/f5-waf-orchestrator/releases/latest). -
-f5WafCa +4. Create new certificate stores in Keyfactor Command for the Sample Universal Orchestrator extension. -The f5WafCa certificate store type is used to manage F5 Distributed Multi-Cloud App Connect CA Root certificates. + * [F5 WAF TLS](docs/f5waftls.md#certificate-store-configuration) -Use cases supported: -1. Discovery of TLS stores. Discovery for F5 WAF returns any discoverable namespaces in the F5 WAF instance. -2. Inventory of a TLS store. All CA Root certificates within a namespace will be returned to Keyfactor Command. -3. Management-Add. Add a new certificate or renew an existing one. -4. Management-Delete. Remove an existing certificate. Please note, for CA Root certicates, deleting an existing certificate will replace ALL instances of the same certificate and not only the one represented by the intended alias. This is an F5 WAF feature that the integration has no control over.
+
F5 WAF CA -## F5 WAF Orchestrator Extension Installation -1. Refer to the [Creating Certificate Store Types](#creating-certificate-store-types) section to create the certificate store types you wish to manage. -2. Stop the Keyfactor Universal Orchestrator Service on the server you plan to install this extension to run on. -3. In the Keyfactor Orchestrator installation folder (by convention usually C:\Program Files\Keyfactor\Keyfactor Orchestrator for a Windows install or /opt/keyfactor/orchestrator/ for a Linux install), find the "Extensions" folder. Underneath that, create a new folder named "F5Waf". You may choose to use a different name if you wish. -4. Download the latest version of the F5 WAF orchestrator extension from [GitHub](https://github.com/Keyfactor/f5-waf-orchestrator). Click on the "Latest" release link on the right hand side of the main page and download the first zip file. -5. Copy the contents of the download installation zip file to the folder created in step 3. -6. (Optional) If you decide to create one or more certificate store types with short names different than the suggested values, edit the manifest.json file in the folder you created in step 3, and modify each "ShortName" in each "Certstores.{ShortName}.{Operation}" line with the ShortName you used to create the respective certificate store type. -7. Start the Keyfactor Universal Orchestrator Service. +1. Follow the [requirements section](docs/f5wafca.md#requirements) to configure a Service Account and grant necessary API permissions. +
Requirements -## Creating Certificate Store Types + ### Creating an F5 WAF API Token -Below are the two certificate store types that the F5 WAF Orchestator Extension manages. To create a new Certificate Store Type in Keyfactor Command, first click on settings (the gear icon on the top right) => Certificate Store Types => Add. Next, follow the instructions under each store type you wish to set up. + In lieu of providing a server password when setting up an F5 WAF certificate store, F5 Multi-Cloud App Connect uses API tokens combined with the user id to authenticate when calling APIs. API Tokens can be created through the F5 Distributed Cloud Console after logging in with the ID you wish to use for the Keyfactor certificate store. Once logged in, select Multi-Cloud App Connect from the options under "Common services". Next, select Account Services from the pull down at the top right of the screen, and select "Account Settings". From there, click on "Credentials" on the left nav and "Add Credentials" on the subsequent screen. In the form shown, select "API Token" from the Credential Type dropdown, and enter the name of the credential and the expiration date. Please note that credentials can only be created for up to 90 day periods of time. After 90 days, a new API token will need to be generated and replaced in your F5 WAF certificate store(s). Clicking Generate will then show the value of the newly created API Token. Copy this and save to a safe place, as this will be the value you will enter in the Server Password field when setting up your certificate store. If you forget or lose this token value, there is no way to access it again in the F5 Distributed Cloud portal. You will need to create a new API Token. -
-f5WafTls - TLS certificates in a namespace + ![](Images/image1.gif) + ![](Images/image2.gif) + ![](Images/image3.gif) + ![](Images/image4.gif) + ![](Images/image5.gif) + ![](Images/image6.gif) -- Basic Tab: - - **Name** – Required. The display name you wish to use for the new Certificate Store Type. - - **Short Name** – Required. Suggested value - **f5WafTls**. If you choose to use a different value you must make the corresponding modification to the manifest.json file. See [F5 WAF Orchestrator Extension Installation](#f5-waf-orchestrator-extension-installation), step 6 above. - - **Custom Capability** - Unchecked - - **Supported Job Types** - Inventory, Add, Remove, and Discovery should all be checked. - - **Needs Server** - Checked - - **Blueprint Allowed** - Checked if you wish to make use of blueprinting. Please refer to the Keyfactor Command Reference Guide for more details on this feature. - - **Uses PowerShell** - Unchecked - - **Requires Store Password** - Unchecked - - **Supports Entry Password** - Unchecked -- Advanced Tab: +
- - **Store Path Type** - Freeform - - **Supports Custom Alias** - Required. - - **Private Key Handling** - Required. - - **PFX Password Style** - Default +2. Create Certificate Store Types for the F5 WAF Orchestrator extension. -- Custom Fields Tab: + * **Using kfutil**: - - no additional custom fields + ```shell + # F5 WAF CA + kfutil store-types create f5WafCa + ``` -- Entry Parameters Tab: + * **Manually**: + * [F5 WAF CA](docs/f5wafca.md#certificate-store-type-configuration) - - no additional entry parameters +3. Install the F5 WAF Universal Orchestrator extension. + + * **Using kfutil**: On the server that that hosts the Universal Orchestrator, run the following command: -
+ ```shell + # Windows Server + kfutil orchestrator extension -e f5-waf-orchestrator@latest --out "C:\Program Files\Keyfactor\Keyfactor Orchestrator\extensions" -
-f5WafCa - CA Root certificates in a namespace + # Linux + kfutil orchestrator extension -e f5-waf-orchestrator@latest --out "/opt/keyfactor/orchestrator/extensions" + ``` -- Basic Tab: + * **Manually**: Follow the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/InstallingAgents/NetCoreOrchestrator/CustomExtensions.htm?Highlight=extensions) to install the latest [F5 WAF Universal Orchestrator extension](https://github.com/Keyfactor/f5-waf-orchestrator/releases/latest). - - **Name** – Required. The display name you wish to use for the new Certificate Store Type. - - **Short Name** – Required. Suggested value - **f5WafCa**. If you choose to use a different value you must make the corresponding modification to the manifest.json file. See [F5 WAF Orchestrator Extension Installation](#f5-waf-orchestrator-extension-installation), step 6 above. - - **Custom Capability** - Unchecked - - **Supported Job Types** - Inventory, Add, Remove, and Discovery should all be checked. - - **Needs Server** - Checked - - **Blueprint Allowed** - Checked if you wish to make use of blueprinting. Please refer to the Keyfactor Command Reference Guide for more details on this feature. - - **Uses PowerShell** - Unchecked - - **Requires Store Password** - Unchecked - - **Supports Entry Password** - Unchecked +4. Create new certificate stores in Keyfactor Command for the Sample Universal Orchestrator extension. -- Advanced Tab: + * [F5 WAF CA](docs/f5wafca.md#certificate-store-configuration) - - **Store Path Type** - Freeform - - **Supports Custom Alias** - Required. - - **Private Key Handling** - Forbidden. - - **PFX Password Style** - Default - -- Custom Fields Tab: - - - no additional custom fields - -- Entry Parameters Tab: - - - no additional entry parameters - -
- - -## Creating Certificate Stores and Scheduling Discovery Jobs - -When creating new certificate stores or scheduling discovery jobs in Keyfactor Command, there are a few fields that are important to highlight here: - -
-Certificate Stores - -The following table describes the required and optional fields for the `f5WafTls` and `f5WafCa` certificate store types when creating a certificate store. - -In Keyfactor Command, navigate to Certificate Stores from the Locations Menu. Click the Add button to create a new Certificate Store. - -| Attribute | Description | -| --------- |------------------------------------------------------------------------------------------------------------------------------------------------| -| Category | Select either f5WafTls or f5WafCa depending on whether you want to manage TLS certificates or Root CA certificates. | -| Container | Optional container to associate certificate store with. | -| Client Machine | The URL for the F5 Distributed Cloud instance (typically ending in '.console.ves.volterra.io'). | -| Store Path | The Multi-Cloud App Connect namespace containing the certificates you wish to manage. | -| Orchestrator | Select an approved orchestrator capable of managing F5 WAF certificates. Specifically, one with the f5WafTls and f5WafCa capabilities. | -| Server Username | The username used to log in to the F5 Distributed Cloud instance (typically an email). | -| Server Password | The API Token configured in the F5 Distributed Cloud instance's Account Settings. Please see [Creating an F5 WAF API Token](#creating-an-f5-waf-api-token) for more details on creating this token. | -| Use SSL | Not used for this integration, so either setting is fine. |
-
-Discovery Jobs - -The following table describes the required and optional fields to schedule a Discovery job for the `f5WafTls` and `f5WafCa` certificate store types. - -In Keyfactor Command, navigate to Certificate Stores from the Locations Menu and then click on the Discover tab. - -| Attribute | Description | -| --------- |------------------------------------------------------------------------------------------------------------------------------------------------| -| Category | Select either F5WafTls or F5WafCa depending on whether you want to return namespaces for TLS certificates or CA Root certificates. | -| Orchestrator | Select an approved orchestrator capable of managing F5 WAF certificates. Specifically, one with the f5WafTls and f5WafCa capabilities. | -| Schedule | Enter the schedule for when you want the job to run | -| Client Machine | The URL for the F5 Distributed Cloud instance (typically ending in '.console.ves.volterra.io'. | -| Server Username | The username used to log in to the F5 Distributed Cloud instance (typically an email). | -| Server Password | The API Token configured in the F5 Distributed Cloud instance's Account Settings. Please see [Creating an F5 WAF API Token](#creating-an-f5-waf-api-token) for more details on creating this token. | -| Directories to Search | Not used for this integration. Leave Blank. | -| Directories to ignore | Not used for this integration. Leave Blank. | -| Extensions | Not used for this integration. Leave Blank. | -| File name patterns to match | Not used for this integration. Leave Blank. | -| Follow SymLinks | Not used for this integration. Leave Unchecked. | -| Follow SymLinks | Not used for this integration. Leave Unchecked. | -| Use SSL? | Not used for this integration. Leave Unchecked. | - -Discovery jobs will return all known namespaces for this F5 WAF instance. 
Please note that because Keyfactor Command has a restriction on multiple certificate stores having the same Client Machine and Store Path, certificate stores for f5WafTls will return stores with a "tls-" prefixed to the beginning of the store path (namespace); while f5WafCA stores will have "ca-" prefixed. Any jobs that run for stores with these prefixes will have these prefixes removed before calling any F5 WAF APIs. What this means is a store path (namespace) for an f5WafTls store of "tls-namespace1" will be the same as one labeled "namespace1". - -
- - -## Creating an F5 WAF API Token - -In lieu of providing a server password when setting up an F5 WAF certificate store, F5 Multi-Cloud App Connect uses API tokens combined with the user id to authenticate when calling APIs. API Tokens can be created through the F5 Distributed Cloud Console after logging in with the ID you wish to use for the Keyfactor certificate store. Once logged in, select Multi-Cloud App Connect from the options under "Common services". Next, select Account Services from the pull down at the top right of the screen, and select "Account Settings". From there, click on "Credentials" on the left nav and "Add Credentials" on the subsequent screen. In the form shown, select "API Token" from the Credential Type dropdown, and enter the name of the credential and the expiration date. Please note that credentials can only be created for up to 90 day periods of time. After 90 days, a new API token will need to be generated and replaced in your F5 WAF certificate store(s). Clicking Generate will then show the value of the newly created API Token. Copy this and save to a safe place, as this will be the value you will enter in the Server Password field when setting up your certificate store. If you forget or lose this token value, there is no way to access it again in the F5 Distributed Cloud portal. You will need to create a new API Token. - -![](Images/image1.gif) -![](Images/image2.gif) -![](Images/image3.gif) -![](Images/image4.gif) -![](Images/image5.gif) -![](Images/image6.gif) +## License -When creating cert store type manually, that store property names and entry parameter names are case sensitive +Apache License 2.0, see [LICENSE](LICENSE). +## Related Integrations +See all [Keyfactor Universal Orchestrator extensions](https://github.com/orgs/Keyfactor/repositories?q=orchestrator). \ No newline at end of file diff --git a/docs/f5wafca.md b/docs/f5wafca.md new file mode 100644 index 0000000..b6fbf03 --- /dev/null +++ b/docs/f5wafca.md 
@@ -0,0 +1,136 @@ +## F5 WAF CA + +The `f5WafCa` certificate store type is designed to manage CA Root certificates within the F5 Distributed Multi-Cloud App Connect platform. CA Root certificates are critical components that establish a chain of trust between entities, ensuring the authenticity and reliability of certificates issued by intermediate Certificate Authorities. + +### What does it represent? +The `f5WafCa` store type represents all CA Root certificates residing within a namespace on the F5 platform. This comprehensive management scope includes discovery, inventory, addition, renewal, and deletion of CA Root certificates within the specified namespace. + +### Functionality +The `f5WafCa` certificate store type supports several key use cases, including: +1. **Discovery of CA Root stores**: Identifies and returns any discoverable namespaces in the F5 WAF instance. +2. **Inventory of a CA Root store**: Provides a complete inventory of all CA Root certificates within a namespace. +3. **Management-Add**: Allows the addition of new certificates or the renewal of existing ones. +4. **Management-Delete**: Supports the removal of existing certificates. However, deleting a CA Root certificate replaces all instances of the same certificate within the namespace, which is an intrinsic F5 WAF feature beyond the control of this integration. + +### Caveats and Limitations +While the `f5WafCa` store type offers essential capabilities for managing CA Root certificates, there are some notable limitations and areas for potential confusion: +- **Replacing Multiple Instances**: Deleting a CA Root certificate will replace every instance of that certificate across the namespace, not just the one represented by the intended alias. Users must be cautious and aware of this behavior. +- **No SDK used**: This certificate store type does not utilize an SDK, relying instead on direct interactions with the F5 Distributed Multi-Cloud App Connect APIs. 
+ +Overall, the `f5WafCa` certificate store type is a powerful tool for managing CA Root certificates within the F5 platform, providing extensive functionality while also having specific limitations that users need to be aware of. + + + +### Supported Job Types + +| Job Name | Supported | +| -------- | --------- | +| Inventory | ✅ | +| Management Add | ✅ | +| Management Remove | ✅ | +| Discovery | ✅ | +| Create | | +| Reenrollment | | + +## Requirements + +### Creating an F5 WAF API Token + +In lieu of providing a server password when setting up an F5 WAF certificate store, F5 Multi-Cloud App Connect uses API tokens combined with the user id to authenticate when calling APIs. API Tokens can be created through the F5 Distributed Cloud Console after logging in with the ID you wish to use for the Keyfactor certificate store. Once logged in, select Multi-Cloud App Connect from the options under "Common services". Next, select Account Services from the pull down at the top right of the screen, and select "Account Settings". From there, click on "Credentials" on the left nav and "Add Credentials" on the subsequent screen. In the form shown, select "API Token" from the Credential Type dropdown, and enter the name of the credential and the expiration date. Please note that credentials can only be created for up to 90 day periods of time. After 90 days, a new API token will need to be generated and replaced in your F5 WAF certificate store(s). Clicking Generate will then show the value of the newly created API Token. Copy this and save to a safe place, as this will be the value you will enter in the Server Password field when setting up your certificate store. If you forget or lose this token value, there is no way to access it again in the F5 Distributed Cloud portal. You will need to create a new API Token. 
+ +![](Images/image1.gif) +![](Images/image2.gif) +![](Images/image3.gif) +![](Images/image4.gif) +![](Images/image5.gif) +![](Images/image6.gif) + + + +## Certificate Store Type Configuration + +The recommended method for creating the `f5WafCa` Certificate Store Type is to use [kfutil](https://github.com/Keyfactor/kfutil). After installing, use the following command to create the `` Certificate Store Type: + +```shell +kfutil store-types create f5WafCa +``` + +
f5WafCa + +Create a store type called `f5WafCa` with the attributes in the tables below: + +### Basic Tab +| Attribute | Value | Description | +| --------- | ----- | ----- | +| Name | F5 WAF CA | Display name for the store type (may be customized) | +| Short Name | f5WafCa | Short display name for the store type | +| Capability | f5WafCa | Store type name orchestrator will register with. Check the box to allow entry of value | +| Supported Job Types (check the box for each) | Add, Discovery, Remove | Job types the extension supports | +| Supports Add | ✅ | Check the box. Indicates that the Store Type supports Management Add | +| Supports Remove | ✅ | Check the box. Indicates that the Store Type supports Management Remove | +| Supports Discovery | ✅ | Check the box. Indicates that the Store Type supports Discovery | +| Supports Reenrollment | | Indicates that the Store Type supports Reenrollment | +| Supports Create | | Indicates that the Store Type supports store creation | +| Needs Server | ✅ | Determines if a target server name is required when creating store | +| Blueprint Allowed | ✅ | Determines if store type may be included in an Orchestrator blueprint | +| Uses PowerShell | | Determines if underlying implementation is PowerShell | +| Requires Store Password | | Determines if a store password is required when configuring an individual store. | +| Supports Entry Password | | Determines if an individual entry within a store can have a password. | + +The Basic tab should look like this: + +![f5WafCa Basic Tab](../docsource/images/f5WafCa-basic-store-type-dialog.png) + +### Advanced Tab +| Attribute | Value | Description | +| --------- | ----- | ----- | +| Supports Custom Alias | Required | Determines if an individual entry within a store can have a custom Alias. | +| Private Key Handling | Forbidden | This determines if Keyfactor can send the private key associated with a certificate to the store. 
Required because IIS certificates without private keys would be invalid. | +| PFX Password Style | Default | 'Default' - PFX password is randomly generated, 'Custom' - PFX password may be specified when the enrollment job is created (Requires the Allow Custom Password application setting to be enabled.) | + +The Advanced tab should look like this: + +![f5WafCa Advanced Tab](../docsource/images/f5WafCa-advanced-store-type-dialog.png) + +### Custom Fields Tab +Custom fields operate at the certificate store level and are used to control how the orchestrator connects to the remote target server containing the certificate store to be managed. The following custom fields should be added to the store type: + +| Name | Display Name | Type | Default Value/Options | Required | Description | +| ---- | ------------ | ---- | --------------------- | -------- | ----------- | + + +The Custom Fields tab should look like this: + +![f5WafCa Custom Fields Tab](../docsource/images/f5WafCa-custom-fields-store-type-dialog.png) + + + +
+ +## Certificate Store Configuration + +After creating the `f5WafCa` Certificate Store Type and installing the F5 WAF Universal Orchestrator extension, you can create new [Certificate Stores](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Certificate%20Stores.htm?Highlight=certificate%20store) to manage certificates in the remote platform. + +The following table describes the required and optional fields for the `f5WafCa` certificate store type. + +| Attribute | Description | Attribute is PAM Eligible | +| --------- | ----------- | ------------------------- | +| Category | Select "F5 WAF CA" or the customized certificate store name from the previous step. | | +| Container | Optional container to associate certificate store with. | | +| Client Machine | For the Client Machine field, enter the URL for the F5 Distributed Cloud instance, which typically ends in '.console.ves.volterra.io'. For example, 'https://example.console.ves.volterra.io'. | | +| Store Path | For the Store Path field, enter the Multi-Cloud App Connect namespace containing the CA Root certificates you wish to manage. For example, 'namespace1'. | | +| Orchestrator | Select an approved orchestrator capable of managing `f5WafCa` certificates. Specifically, one with the `f5WafCa` capability. | | + +* **Using kfutil** + + ```shell + # Generate a CSV template for the AzureApp certificate store + kfutil stores import generate-template --store-type-name f5WafCa --outpath f5WafCa.csv + + # Open the CSV file and fill in the required fields for each certificate store. + + # Import the CSV file to create the certificate stores + kfutil stores import csv --store-type-name f5WafCa --file f5WafCa.csv + ``` + +* **Manually with the Command UI**: In Keyfactor Command, navigate to Certificate Stores from the Locations Menu. Click the Add button to create a new Certificate Store using the attributes in the table above. \ No newline at end of file 
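Review bot: docs/f5wafca.md carries several template residues that should be fixed before release. In the Certificate Store Type Configuration intro the store type name is missing from "use the following command to create the `` Certificate Store Type" (the empty backticks should read `f5WafCa`). In the Advanced Tab table the Private Key Handling row sets the value to Forbidden, but its description ends with "Required because IIS certificates without private keys would be invalid", which contradicts the value and refers to a different integration; say instead that private keys are forbidden because a CA Root store holds public certificates only. In the kfutil block the comment "# Generate a CSV template for the AzureApp certificate store" names the wrong store type. Separately, the Certificate Store Configuration table has no Server Username or Server Password rows, yet the Requirements section above it tells the reader to enter the F5 user id and API token there; add those rows, and since the manifest declares pam_support true, mark the Server Password (the 90-day API token) as PAM eligible so operators know it can be rotated from a PAM provider rather than re-entered by hand.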
diff --git a/docs/f5waftls.md b/docs/f5waftls.md new file mode 100644 index 0000000..c3d5ca7 --- /dev/null +++ b/docs/f5waftls.md 
@@ -0,0 +1,136 @@ +## F5 WAF TLS + +The `f5WafTls` certificate store type is designed to manage TLS certificates within the F5 Distributed Multi-Cloud App Connect platform. These certificates play a crucial role in enabling secure communication over networks by ensuring encrypted connections between clients and servers. + +### What does it represent? +The `f5WafTls` store type represents all TLS certificates that reside within a namespace on the F5 platform. This includes both bound and unbound certificates, enabling comprehensive management and visibility into all TLS certificates in the specified namespace. + +### Functionality +The `f5WafTls` certificate store type supports several key use cases, including: +1. **Discovery of TLS stores**: Identifies and returns any discoverable namespaces in the F5 WAF instance. +2. **Inventory of a TLS store**: Provides a complete inventory of all TLS certificates within a namespace, whether they are bound or unbound. +3. **Management-Add**: Allows for the addition of new certificates or the renewal of existing ones, retaining all existing bindings and applying them to the newly added or renewed certificate. +4. **Management-Delete**: Supports the removal of unbound certificates from the store. This functionality does not extend to bound certificates, which cannot be deleted. + +### Caveats and Limitations +While the `f5WafTls` store type offers robust certificate management capabilities, there are some notable limitations and areas for potential confusion: +- **Bound certificates cannot be removed**: The delete operation is only applicable to unbound certificates. Bound certificates must be renewed or replaced but cannot be outright removed. +- **No SDK used**: This certificate store type does not make use of an SDK, relying instead on direct interactions with the F5 Distributed Multi-Cloud App Connect APIs. 
+ +Overall, the `f5WafTls` certificate store type is a powerful tool for managing TLS certificates within the F5 platform, offering essential functionality while also having specific limitations that users should be mindful of. + + + +### Supported Job Types + +| Job Name | Supported | +| -------- | --------- | +| Inventory | ✅ | +| Management Add | ✅ | +| Management Remove | ✅ | +| Discovery | ✅ | +| Create | | +| Reenrollment | | + +## Requirements + +### Creating an F5 WAF API Token + +In lieu of providing a server password when setting up an F5 WAF certificate store, F5 Multi-Cloud App Connect uses API tokens combined with the user id to authenticate when calling APIs. API Tokens can be created through the F5 Distributed Cloud Console after logging in with the ID you wish to use for the Keyfactor certificate store. Once logged in, select Multi-Cloud App Connect from the options under "Common services". Next, select Account Services from the pull down at the top right of the screen, and select "Account Settings". From there, click on "Credentials" on the left nav and "Add Credentials" on the subsequent screen. In the form shown, select "API Token" from the Credential Type dropdown, and enter the name of the credential and the expiration date. Please note that credentials can only be created for up to 90 day periods of time. After 90 days, a new API token will need to be generated and replaced in your F5 WAF certificate store(s). Clicking Generate will then show the value of the newly created API Token. Copy this and save to a safe place, as this will be the value you will enter in the Server Password field when setting up your certificate store. If you forget or lose this token value, there is no way to access it again in the F5 Distributed Cloud portal. You will need to create a new API Token. 
+ +![](Images/image1.gif) +![](Images/image2.gif) +![](Images/image3.gif) +![](Images/image4.gif) +![](Images/image5.gif) +![](Images/image6.gif) + + + +## Certificate Store Type Configuration + +The recommended method for creating the `f5WafTls` Certificate Store Type is to use [kfutil](https://github.com/Keyfactor/kfutil). After installing, use the following command to create the `` Certificate Store Type: + +```shell +kfutil store-types create f5WafTls +``` + +
f5WafTls + +Create a store type called `f5WafTls` with the attributes in the tables below: + +### Basic Tab +| Attribute | Value | Description | +| --------- | ----- | ----- | +| Name | F5 WAF TLS | Display name for the store type (may be customized) | +| Short Name | f5WafTls | Short display name for the store type | +| Capability | f5WafTls | Store type name orchestrator will register with. Check the box to allow entry of value | +| Supported Job Types (check the box for each) | Add, Discovery, Remove | Job types the extension supports | +| Supports Add | ✅ | Check the box. Indicates that the Store Type supports Management Add | +| Supports Remove | ✅ | Check the box. Indicates that the Store Type supports Management Remove | +| Supports Discovery | ✅ | Check the box. Indicates that the Store Type supports Discovery | +| Supports Reenrollment | | Indicates that the Store Type supports Reenrollment | +| Supports Create | | Indicates that the Store Type supports store creation | +| Needs Server | ✅ | Determines if a target server name is required when creating store | +| Blueprint Allowed | ✅ | Determines if store type may be included in an Orchestrator blueprint | +| Uses PowerShell | | Determines if underlying implementation is PowerShell | +| Requires Store Password | | Determines if a store password is required when configuring an individual store. | +| Supports Entry Password | | Determines if an individual entry within a store can have a password. | + +The Basic tab should look like this: + +![f5WafTls Basic Tab](../docsource/images/f5WafTls-basic-store-type-dialog.png) + +### Advanced Tab +| Attribute | Value | Description | +| --------- | ----- | ----- | +| Supports Custom Alias | Required | Determines if an individual entry within a store can have a custom Alias. | +| Private Key Handling | Required | This determines if Keyfactor can send the private key associated with a certificate to the store. 
Required because IIS certificates without private keys would be invalid. | +| PFX Password Style | Default | 'Default' - PFX password is randomly generated, 'Custom' - PFX password may be specified when the enrollment job is created (Requires the Allow Custom Password application setting to be enabled.) | + +The Advanced tab should look like this: + +![f5WafTls Advanced Tab](../docsource/images/f5WafTls-advanced-store-type-dialog.png) + +### Custom Fields Tab +Custom fields operate at the certificate store level and are used to control how the orchestrator connects to the remote target server containing the certificate store to be managed. The following custom fields should be added to the store type: + +| Name | Display Name | Type | Default Value/Options | Required | Description | +| ---- | ------------ | ---- | --------------------- | -------- | ----------- | + + +The Custom Fields tab should look like this: + +![f5WafTls Custom Fields Tab](../docsource/images/f5WafTls-custom-fields-store-type-dialog.png) + + + +
+ +## Certificate Store Configuration + +After creating the `f5WafTls` Certificate Store Type and installing the F5 WAF Universal Orchestrator extension, you can create new [Certificate Stores](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Certificate%20Stores.htm?Highlight=certificate%20store) to manage certificates in the remote platform. + +The following table describes the required and optional fields for the `f5WafTls` certificate store type. + +| Attribute | Description | Attribute is PAM Eligible | +| --------- | ----------- | ------------------------- | +| Category | Select "F5 WAF TLS" or the customized certificate store name from the previous step. | | +| Container | Optional container to associate certificate store with. | | +| Client Machine | For the Client Machine field, enter the URL for the F5 Distributed Cloud instance, which typically ends in '.console.ves.volterra.io'. For example, 'https://example.console.ves.volterra.io'. | | +| Store Path | For the Store Path field, enter the Multi-Cloud App Connect namespace containing the TLS certificates you wish to manage. For example, 'namespace1'. | | +| Orchestrator | Select an approved orchestrator capable of managing `f5WafTls` certificates. Specifically, one with the `f5WafTls` capability. | | + +* **Using kfutil** + + ```shell + # Generate a CSV template for the AzureApp certificate store + kfutil stores import generate-template --store-type-name f5WafTls --outpath f5WafTls.csv + + # Open the CSV file and fill in the required fields for each certificate store. + + # Import the CSV file to create the certificate stores + kfutil stores import csv --store-type-name f5WafTls --file f5WafTls.csv + ``` + +* **Manually with the Command UI**: In Keyfactor Command, navigate to Certificate Stores from the Locations Menu. Click the Add button to create a new Certificate Store using the attributes in the table above. \ No newline at end of file 
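Review bot: docs/f5waftls.md has the same template residues as docs/f5wafca.md. The Certificate Store Type Configuration intro refers to "the `` Certificate Store Type" with the name missing (should be `f5WafTls`); the Private Key Handling description justifies the Required value with "IIS certificates without private keys would be invalid", which belongs to another integration and should instead explain that a TLS certificate bound to an HTTP Load Balancer must carry its private key; and the kfutil comment "# Generate a CSV template for the AzureApp certificate store" names the wrong store type. The Custom Fields Tab table is a header with no rows in both docs; either state explicitly that this store type defines no custom fields or drop the empty table, because an empty Markdown table renders as a stray header line. As in the CA doc, the Certificate Store Configuration table omits the Server Username and Server Password rows that the API token procedure depends on; add them with the PAM Eligible column filled in.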
diff --git a/docsource/f5wafca.md b/docsource/f5wafca.md new file mode 100644 index 0000000..7bd09de --- /dev/null +++ b/docsource/f5wafca.md 
@@ -0,0 +1,34 @@ +## Overview + +The `f5WafCa` certificate store type is designed to manage CA Root certificates within the F5 Distributed Multi-Cloud App Connect platform. CA Root certificates are critical components that establish a chain of trust between entities, ensuring the authenticity and reliability of certificates issued by intermediate Certificate Authorities. + +### What does it represent? +The `f5WafCa` store type represents all CA Root certificates residing within a namespace on the F5 platform. This comprehensive management scope includes discovery, inventory, addition, renewal, and deletion of CA Root certificates within the specified namespace. + +### Functionality +The `f5WafCa` certificate store type supports several key use cases, including: +1. **Discovery of CA Root stores**: Identifies and returns any discoverable namespaces in the F5 WAF instance. +2. **Inventory of a CA Root store**: Provides a complete inventory of all CA Root certificates within a namespace. +3. **Management-Add**: Allows the addition of new certificates or the renewal of existing ones. +4. **Management-Delete**: Supports the removal of existing certificates. However, deleting a CA Root certificate replaces all instances of the same certificate within the namespace, which is an intrinsic F5 WAF feature beyond the control of this integration. + +### Caveats and Limitations +While the `f5WafCa` store type offers essential capabilities for managing CA Root certificates, there are some notable limitations and areas for potential confusion: +- **Replacing Multiple Instances**: Deleting a CA Root certificate will replace every instance of that certificate across the namespace, not just the one represented by the intended alias. Users must be cautious and aware of this behavior. +- **No SDK used**: This certificate store type does not utilize an SDK, relying instead on direct interactions with the F5 Distributed Multi-Cloud App Connect APIs. 
+ +Overall, the `f5WafCa` certificate store type is a powerful tool for managing CA Root certificates within the F5 platform, providing extensive functionality while also having specific limitations that users need to be aware of. + +## Requirements + +### Creating an F5 WAF API Token + +In lieu of providing a server password when setting up an F5 WAF certificate store, F5 Multi-Cloud App Connect uses API tokens combined with the user id to authenticate when calling APIs. API Tokens can be created through the F5 Distributed Cloud Console after logging in with the ID you wish to use for the Keyfactor certificate store. Once logged in, select Multi-Cloud App Connect from the options under "Common services". Next, select Account Services from the pull down at the top right of the screen, and select "Account Settings". From there, click on "Credentials" on the left nav and "Add Credentials" on the subsequent screen. In the form shown, select "API Token" from the Credential Type dropdown, and enter the name of the credential and the expiration date. Please note that credentials can only be created for up to 90 day periods of time. After 90 days, a new API token will need to be generated and replaced in your F5 WAF certificate store(s). Clicking Generate will then show the value of the newly created API Token. Copy this and save to a safe place, as this will be the value you will enter in the Server Password field when setting up your certificate store. If you forget or lose this token value, there is no way to access it again in the F5 Distributed Cloud portal. You will need to create a new API Token. + +![](Images/image1.gif) +![](Images/image2.gif) +![](Images/image3.gif) +![](Images/image4.gif) +![](Images/image5.gif) +![](Images/image6.gif) + diff --git a/docsource/f5waftls.md b/docsource/f5waftls.md new file mode 100644 index 0000000..6bea061 --- /dev/null +++ b/docsource/f5waftls.md 
@@ -0,0 +1,34 @@ +## Overview + +The `f5WafTls` certificate store type is designed to manage TLS certificates within the F5 Distributed Multi-Cloud App Connect platform. These certificates play a crucial role in enabling secure communication over networks by ensuring encrypted connections between clients and servers. + +### What does it represent? +The `f5WafTls` store type represents all TLS certificates that reside within a namespace on the F5 platform. This includes both bound and unbound certificates, enabling comprehensive management and visibility into all TLS certificates in the specified namespace. + +### Functionality +The `f5WafTls` certificate store type supports several key use cases, including: +1. **Discovery of TLS stores**: Identifies and returns any discoverable namespaces in the F5 WAF instance. +2. **Inventory of a TLS store**: Provides a complete inventory of all TLS certificates within a namespace, whether they are bound or unbound. +3. **Management-Add**: Allows for the addition of new certificates or the renewal of existing ones, retaining all existing bindings and applying them to the newly added or renewed certificate. +4. **Management-Delete**: Supports the removal of unbound certificates from the store. This functionality does not extend to bound certificates, which cannot be deleted. + +### Caveats and Limitations +While the `f5WafTls` store type offers robust certificate management capabilities, there are some notable limitations and areas for potential confusion: +- **Bound certificates cannot be removed**: The delete operation is only applicable to unbound certificates. Bound certificates must be renewed or replaced but cannot be outright removed. +- **No SDK used**: This certificate store type does not make use of an SDK, relying instead on direct interactions with the F5 Distributed Multi-Cloud App Connect APIs. 
+ +Overall, the `f5WafTls` certificate store type is a powerful tool for managing TLS certificates within the F5 platform, offering essential functionality while also having specific limitations that users should be mindful of. + +## Requirements + +### Creating an F5 WAF API Token + +In lieu of providing a server password when setting up an F5 WAF certificate store, F5 Multi-Cloud App Connect uses API tokens combined with the user id to authenticate when calling APIs. API Tokens can be created through the F5 Distributed Cloud Console after logging in with the ID you wish to use for the Keyfactor certificate store. Once logged in, select Multi-Cloud App Connect from the options under "Common services". Next, select Account Services from the pull down at the top right of the screen, and select "Account Settings". From there, click on "Credentials" on the left nav and "Add Credentials" on the subsequent screen. In the form shown, select "API Token" from the Credential Type dropdown, and enter the name of the credential and the expiration date. Please note that credentials can only be created for up to 90 day periods of time. After 90 days, a new API token will need to be generated and replaced in your F5 WAF certificate store(s). Clicking Generate will then show the value of the newly created API Token. Copy this and save to a safe place, as this will be the value you will enter in the Server Password field when setting up your certificate store. If you forget or lose this token value, there is no way to access it again in the F5 Distributed Cloud portal. You will need to create a new API Token. + +![](Images/image1.gif) +![](Images/image2.gif) +![](Images/image3.gif) +![](Images/image4.gif) +![](Images/image5.gif) +![](Images/image6.gif) + diff --git a/docsource/overview.md b/docsource/overview.md new file mode 100644 index 0000000..12cbbd4 --- /dev/null +++ b/docsource/overview.md 
@@ -0,0 +1,10 @@ +## Overview + +The F5 WAF Universal Orchestrator extension remotely manages TLS and CA Root certificates uploaded to F5 Distributed Multi-Cloud App Connect, which is the F5 platform that manages WAF services. Certificates bound to HTTP Load Balancers within Multi-Cloud App Connect can be renewed or replaced, but they cannot be removed. + +The extension uses two primary certificate store types: `f5WafTls` and `f5WafCa`. These store types are used to manage stores containing TLS and CA Root certificates, respectively. The `f5WafTls` certificate store type is focused on managing TLS certificates, which are used to enable secure communication over networks. Use cases for `f5WafTls` include discovery of TLS stores, inventorying all TLS certificates within a namespace, adding or renewing certificates, and removing unbound certificates. + +On the other hand, the `f5WafCa` store type is used for managing CA Root certificates, which are essential for establishing a chain of trust between different entities. The use cases for `f5WafCa` are similar to those of `f5WafTls`, including discovery, inventory, and management of certificates. However, it is important to note that deleting a CA Root certificate replaces all instances of the same certificate within the namespace, due to an F5 WAF feature. + +Overall, this extension simplifies the management of certificates within the F5 Distributed Multi-Cloud App Connect platform, providing seamless integration with Keyfactor Command. + diff --git a/integration-manifest.json b/integration-manifest.json index 7cd4ebc..f260429 100644 --- a/integration-manifest.json +++ b/integration-manifest.json 
@@ -1,88 +1,92 @@ { - "$schema": "https://keyfactor.github.io/integration-manifest-schema.json", - "integration_type": "orchestrator", - "name": "F5 WAF", - "status": "production", - "link_github": true, - "update_catalog": true, - "release_dir": "F5WafOrchestrator/bin/Release", - "support_level": "kf-supported", - "description": "The F5 WAF Orchestrator is an extension to the Keyfactor Universal Orchestrator. It Integrates with Multi-Cloud App Connect, which is F5 Distributed Cloud's service for connecting apps across clouds and within on premise installationss using load balancers. The purpose of the F5 WAF orchestrator is to manage the TLS and CA Root certificates. The TLS certificates may be bound to load balancers. The orchestrator facilitates the inventory, addition, renewal, and removal of these certificates as well as the discovery of namespaces (certificate stores) within the F5 Multi-Cloud App Connect instance.", - "about": { - "orchestrator": { - "UOFramework": "10.4.1", - "pam_support": true, - "keyfactor_platform_version": "9.10", - "win": { - "supportsCreateStore": false, - "supportsDiscovery": true, - "supportsManagementAdd": true, - "supportsManagementRemove": true, - "supportsReenrollment": false, - "supportsInventory": true, - "platformSupport": "Unused" - }, - "linux": { - "supportsCreateStore": false, - "supportsDiscovery": true, - "supportsManagementAdd": true, - "supportsManagementRemove": true, - "supportsReenrollment": false, - "supportsInventory": true, - "platformSupport": "Unused" - }, - "store_types": { - "f5WafTls": { - "Name": "F5 WAF TLS", - "ShortName": "f5WafTls", - "Capability": "f5WafTls", - "SupportedOperations": { - "Add": true, - "Create": false, - "Discovery": true, - "Enrollment": false, - "Remove": true - }, - "Properties": [], - "EntryParameters": [], - "PasswordOptions": { - "EntrySupported": false, - "StoreRequired": false, - "Style": "Default" - }, - "PrivateKeyAllowed": "Required", - "JobProperties": [], - 
"ServerRequired": true, - "PowerShell": false, - "BlueprintAllowed": true, - "CustomAliasAllowed": "Required" - }, - "f5WafCa": { - "Name": "F5 WAF CA", - "ShortName": "f5WafCa", - "Capability": "f5WafCa", - "SupportedOperations": { - "Add": true, - "Create": false, - "Discovery": true, - "Enrollment": false, - "Remove": true - }, - "Properties": [], - "EntryParameters": [], - "PasswordOptions": { - "EntrySupported": false, - "StoreRequired": false, - "Style": "Default" - }, - "PrivateKeyAllowed": "Forbidden", - "JobProperties": [], - "ServerRequired": true, - "PowerShell": false, - "BlueprintAllowed": true, - "CustomAliasAllowed": "Required" + "$schema": "/Users/hroszell/coding/dev/staff-tools/keyfactor.github.io/v2/integration-manifest-schema.json", + "integration_type": "orchestrator", + "name": "F5 WAF", + "status": "production", + "link_github": true, + "update_catalog": true, + "release_dir": "F5WafOrchestrator/bin/Release", + "support_level": "kf-supported", + "description": "The F5 WAF Orchestrator is an extension to the Keyfactor Universal Orchestrator. It Integrates with Multi-Cloud App Connect, which is F5 Distributed Cloud's service for connecting apps across clouds and within on premise installationss using load balancers. The purpose of the F5 WAF orchestrator is to manage the TLS and CA Root certificates. The TLS certificates may be bound to load balancers. 
The orchestrator facilitates the inventory, addition, renewal, and removal of these certificates as well as the discovery of namespaces (certificate stores) within the F5 Multi-Cloud App Connect instance.", + "about": { + "orchestrator": { + "UOFramework": "10.4.1", + "pam_support": true, + "keyfactor_platform_version": "9.10", + "win": { + "supportsCreateStore": false, + "supportsDiscovery": true, + "supportsManagementAdd": true, + "supportsManagementRemove": true, + "supportsReenrollment": false, + "supportsInventory": true, + "platformSupport": "Unused" + }, + "linux": { + "supportsCreateStore": false, + "supportsDiscovery": true, + "supportsManagementAdd": true, + "supportsManagementRemove": true, + "supportsReenrollment": false, + "supportsInventory": true, + "platformSupport": "Unused" + }, + "store_types": [ + { + "Name": "F5 WAF TLS", + "ShortName": "f5WafTls", + "Capability": "f5WafTls", + "SupportedOperations": { + "Add": true, + "Create": false, + "Discovery": true, + "Enrollment": false, + "Remove": true + }, + "Properties": [], + "EntryParameters": [], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "PrivateKeyAllowed": "Required", + "JobProperties": [], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": true, + "CustomAliasAllowed": "Required", + "ClientMachineDescription": "For the Client Machine field, enter the URL for the F5 Distributed Cloud instance, which typically ends in '.console.ves.volterra.io'. For example, 'https://example.console.ves.volterra.io'.", + "StorePathDescription": "For the Store Path field, enter the Multi-Cloud App Connect namespace containing the TLS certificates you wish to manage. For example, 'namespace1'." 
+ }, + { + "Name": "F5 WAF CA", + "ShortName": "f5WafCa", + "Capability": "f5WafCa", + "SupportedOperations": { + "Add": true, + "Create": false, + "Discovery": true, + "Enrollment": false, + "Remove": true + }, + "Properties": [], + "EntryParameters": [], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "PrivateKeyAllowed": "Forbidden", + "JobProperties": [], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": true, + "CustomAliasAllowed": "Required", + "ClientMachineDescription": "For the Client Machine field, enter the URL for the F5 Distributed Cloud instance, which typically ends in '.console.ves.volterra.io'. For example, 'https://example.console.ves.volterra.io'.", + "StorePathDescription": "For the Store Path field, enter the Multi-Cloud App Connect namespace containing the CA Root certificates you wish to manage. For example, 'namespace1'." + } + ] } - } } - } -} +} \ No newline at end of file
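Review bot: in docsource/f5wafca.md (and the same sentence in docsource/overview.md) the Management-Delete description is ambiguous: "deleting a CA Root certificate replaces all instances of the same certificate within the namespace" and the caveat "Deleting a CA Root certificate will replace every instance" read as if a delete performs a replacement. If the platform removes every copy of that certificate across the namespace, say "removes"; if it substitutes something, say what. Operators deciding whether a Remove job is safe need the exact behaviour, since the text itself warns that the effect reaches beyond the intended alias. The "Creating an F5 WAF API Token" section is duplicated verbatim across docsource/f5wafca.md, docsource/f5waftls.md, docs/f5wafca.md and docs/f5waftls.md; if docs/ is generated from docsource/ the copies will stay in sync, otherwise consider a single shared source so the 90-day expiry guidance cannot drift. That section would also benefit from one sentence on what operators will observe when the token expires (failing inventory and management jobs for that store), so expiry is detected rather than discovered.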
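Review bot: in integration-manifest.json the `$schema` value is changed from the public URL "https://keyfactor.github.io/integration-manifest-schema.json" to a developer's local absolute path "/Users/hroszell/coding/dev/staff-tools/keyfactor.github.io/v2/integration-manifest-schema.json". That path will not resolve for anyone else or in CI, so schema validation of the manifest silently stops working, and it commits a local username and directory layout into the repository. Restore a public URL (the v2 schema, if the new array form of `store_types` requires it). Since the `description` string is rewritten in this hunk anyway, fix the pre-existing typos "It Integrates" and "on premise installationss" while here; the same sentence appears in the README. The file also loses its trailing newline ("\ No newline at end of file"), which makes every future diff of the closing brace noisy.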