diff --git a/.github/workflows/keyfactor-starter-workflow.yml b/.github/workflows/keyfactor-starter-workflow.yml index aa54b9c..a4649f2 100644 --- a/.github/workflows/keyfactor-starter-workflow.yml +++ b/.github/workflows/keyfactor-starter-workflow.yml @@ -11,9 +11,10 @@ on: jobs: call-starter-workflow: - uses: keyfactor/actions/.github/workflows/starter.yml@v2 + uses: keyfactor/actions/.github/workflows/starter.yml@3.1.2 secrets: token: ${{ secrets.V2BUILDTOKEN}} APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}} gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }} - gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }} \ No newline at end of file + gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }} + scan_token: ${{ secrets.SAST_TOKEN }} diff --git a/Bundle/Discovery.cs b/Bundle/Discovery.cs index edbc5e8..d7de948 100644 --- a/Bundle/Discovery.cs +++ b/Bundle/Discovery.cs @@ -40,6 +40,9 @@ public override JobResult ProcessJob(DiscoveryJobConfiguration config, SubmitDis SetPAMSecrets(config.ServerUsername, config.ServerPassword, logger); F5Client f5 = new F5Client(certificateStore, ServerUserName, ServerPassword, config.UseSSL, string.Empty, true, false, new List()); + + ValidateF5Release(logger, certificateStore, f5); + List partitions = f5.GetPartitions().Select(p => p.name).ToList(); LogHandlerCommon.Trace(logger, certificateStore, $"Found {partitions?.Count} partitions"); diff --git a/Bundle/Inventory.cs b/Bundle/Inventory.cs index cd21739..7780574 100644 --- a/Bundle/Inventory.cs +++ b/Bundle/Inventory.cs 
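Review bot: `uses: keyfactor/actions/.github/workflows/starter.yml@3.1.2` references the reusable workflow by a tag, which is mutable, so the workflow that receives `V2BUILDTOKEN`, the GPG key and the newly added `SAST_TOKEN` can change without any change visible in this repository. Pin to the full commit SHA and keep the version as a comment, e.g. `uses: keyfactor/actions/.github/workflows/starter.yml@<commit-sha-for-3.1.2> # 3.1.2`, or record why a floating tag is acceptable for this in-org workflow.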
@@ -40,7 +40,9 @@ public override JobResult ProcessJob(InventoryJobConfiguration config, SubmitInv { base.ParseJobProperties(); SetPAMSecrets(config.ServerUsername, config.ServerPassword, logger); - F5Client f5 = new F5Client(config.CertificateStoreDetails, ServerUserName, ServerPassword, config.UseSSL, null, IgnoreSSLWarning, UseTokenAuth, config.LastInventory) { F5Version = base.F5Version }; + F5Client f5 = new F5Client(config.CertificateStoreDetails, ServerUserName, ServerPassword, config.UseSSL, null, IgnoreSSLWarning, UseTokenAuth, config.LastInventory); + + ValidateF5Release(logger, JobConfig.CertificateStoreDetails, f5); LogHandlerCommon.Debug(logger, JobConfig.CertificateStoreDetails, $"Getting inventory for CA Bundle '{config.CertificateStoreDetails.StorePath}'"); inventory = f5.GetCABundleInventory(); @@ -48,6 +50,9 @@ public override JobResult ProcessJob(InventoryJobConfiguration config, SubmitInv LogHandlerCommon.Debug(logger, JobConfig.CertificateStoreDetails, $"Submitting {inventory?.Count} inventory entries for CA Bundle '{config.CertificateStoreDetails.StorePath}'"); submitInventory.Invoke(inventory); + if (UseTokenAuth) + f5.RemoveToken(); + LogHandlerCommon.Debug(logger, JobConfig.CertificateStoreDetails, "Job complete"); return new JobResult { Result = OrchestratorJobStatusJobResult.Success, JobHistoryId = config.JobHistoryId }; } diff --git a/Bundle/Management.cs b/Bundle/Management.cs index b88fc57..109e726 100644 --- a/Bundle/Management.cs +++ b/Bundle/Management.cs 
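Review bot: `f5.RemoveToken()` is reached only on the success path of `ProcessJob`; if `f5.GetCABundleInventory()` or `submitInventory.Invoke(inventory)` throws, the session token acquired for this job stays valid on the device until it expires. Run the removal regardless of outcome, e.g. `finally { if (UseTokenAuth) f5.RemoveToken(); }` around the work that follows client construction, and make sure a failure inside the delete does not mask the original exception. The same success-only pattern is in Bundle/Management.cs (the hunk at `@@ -69,6 +70,9`). `ProcessJob` begins outside the hunk; note also that `ValidateF5Release` is passed `JobConfig.CertificateStoreDetails` while the preceding line builds the client from `config.CertificateStoreDetails`, presumably the same object, so one of the two should be used consistently.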
@@ -50,10 +50,11 @@ public override JobResult ProcessJob(ManagementJobConfiguration config) F5Client f5 = new F5Client(config.CertificateStoreDetails, ServerUserName, ServerPassword, config.UseSSL, config.JobCertificate.PrivateKeyPassword, IgnoreSSLWarning, UseTokenAuth, config.LastInventory) { - PrimaryNode = base.PrimaryNode, - F5Version = base.F5Version + PrimaryNode = base.PrimaryNode }; + ValidateF5Release(logger, JobConfig.CertificateStoreDetails, f5); + switch (config.OperationType) { case CertStoreOperationType.Add: @@ -69,6 +70,9 @@ public override JobResult ProcessJob(ManagementJobConfiguration config) throw new Exception($"Management job expecting 'Add' or 'Remove' job - received '{Enum.GetName(typeof(CertStoreOperationType), config.OperationType)}'"); } + if (UseTokenAuth) + f5.RemoveToken(); + LogHandlerCommon.Debug(logger, JobConfig.CertificateStoreDetails, "Job complete"); return new JobResult { Result = OrchestratorJobStatusJobResult.Success, JobHistoryId = config.JobHistoryId}; } diff --git a/CHANGELOG.md b/CHANGELOG.md index 1a63531..174d356 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,10 @@ +v1.7.0 +- Deprecate F5 Version Custom Field for all store types. +- Make Store Password a "PAM eligible" field on the orchestrator +- Remove session token at end of each job +- Convert documentation to use Doctool +- Create separate .net6 and .net8 builds on release + v1.6.0 - Add Store Password (optional) to allow for setting key type to "Password" when adding/replacing a certificate. This will encrypt the private key deployed on the F5 device with the password set as the Store Password. diff --git a/DiscoveryBase.cs b/DiscoveryBase.cs index 1a3049e..88ef1d5 100644 --- a/DiscoveryBase.cs +++ b/DiscoveryBase.cs 
@@ -19,7 +19,7 @@ public abstract class DiscoveryBase : F5JobBase, IDiscoveryJobExtension protected DiscoveryJobConfiguration JobConfig { get; set; } - public string ExtensionName => string.Empty; + public string ExtensionName => "Keyfactor.Extensions.Orchestrator.F5Orchestrator.Discovery"; public abstract JobResult ProcessJob(DiscoveryJobConfiguration config, SubmitDiscoveryUpdate submitDiscovery); } diff --git a/F5Client.cs b/F5Client.cs index 51fc30a..f40500c 100644 --- a/F5Client.cs +++ b/F5Client.cs @@ -21,6 +21,9 @@ using Newtonsoft.Json; using System.Collections; +using System.Collections.Concurrent; +using System.Drawing.Printing; +using System.Diagnostics.CodeAnalysis; namespace Keyfactor.Extensions.Orchestrator.F5Orchestrator { @@ -34,6 +37,8 @@ internal class F5Client private const string INVALID_KEY_SUBSTR = "key("; private const string INVALID_KEY_BEG_DELIM = @"/"; private const string INVALID_KEY_END_DELIM = ")"; + private const int MIN_VERSION_SUPPORTED = 14; + private const string VERSION_DELIMITER = "?ver="; public CertificateStore CertificateStore { get; set; } public string ServerUserName { get; set; } @@ -43,7 +48,6 @@ internal class F5Client public string PFXPassword { get; set; } public IEnumerable Inventory { get; set; } public string PrimaryNode { get; set; } - public string F5Version { get; set; } public bool IgnoreSSLWarning { get; set; } public bool UseTokenAuth { get; set; } private RESTHandler REST { get; set; } 
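Review bot: The three added `using` directives in F5Client.cs — `System.Collections.Concurrent`, `System.Drawing.Printing`, `System.Diagnostics.CodeAnalysis` — are not used by any code visible in this diff, including the new `RemoveToken`/`ValidateF5Version` methods, and look like IDE auto-inserts. `System.Drawing.Printing` in particular belongs to the Windows-oriented System.Drawing assembly, an unnecessary concern for the new `net6.0;net8.0` multi-target in the csproj hunk. Remove them unless something outside the visible hunks depends on them.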
@@ -141,26 +145,23 @@ public void RemoveEntry(string partition, string name) ArchiveFile($"/config/filestore/files_d/{partition}_d/certificate_key_d/:{partition}:{name}_*", $"{partition}-{name}-{timestamp}.key"); LogHandlerCommon.Trace(logger, CertificateStore, $"Removing certificate and key at '{partition}' and name '{name}'"); - string keyName = GetKeyName(name, true); - REST.Delete($"/mgmt/tm/sys/file/ssl-key/~{partition}~{keyName}"); + REST.Delete($"/mgmt/tm/sys/file/ssl-key/~{partition}~{name}"); } LogHandlerCommon.Trace(logger, CertificateStore, $"Archiving certificate at '{partition}' and name '{name}'"); ArchiveFile($"/config/filestore/files_d/{partition}_d/certificate_d/:{partition}:{name}_*", $"{partition}-{name}-{timestamp}.crt"); LogHandlerCommon.Trace(logger, CertificateStore, $"Removing certificate at '{partition}' and name '{name}'"); - string crtName = GetCrtName(name, true); - REST.Delete($"/mgmt/tm/sys/file/ssl-cert/~{partition}~{crtName}"); + REST.Delete($"/mgmt/tm/sys/file/ssl-cert/~{partition}~{name}"); LogHandlerCommon.MethodExit(logger, CertificateStore, "RemoveEntry"); } - public bool KeyExists(string partition, string name) + public bool KeyExists(string partition, string keyName) { LogHandlerCommon.MethodEntry(logger, CertificateStore, "KeyExists"); bool exists = false; try { - string keyName = GetKeyName(name, true); string query = $"/mgmt/tm/sys/file/ssl-key/~{partition}~{keyName}"; F5Key key = REST.Get(query); exists = (key != null); 
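Review bot: With `GetKeyName` gone, `KeyExists` (and `CertificateExists` in the next hunk) now places its parameter into the REST path verbatim, so what callers must pass as `keyName`/`crtName` has changed but nothing documents it. Add `/// <param name="keyName">Name of the ssl-key object exactly as stored on the F5 device; no extension normalization is applied.</param>` with a one-line `<summary>` on `KeyExists`, and the matching `<param name="crtName">` on `CertificateExists`. The `try` body of `KeyExists` continues past the end of the hunk.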
@@ -178,14 +179,13 @@ public bool KeyExists(string partition, string name) return exists; } - public bool CertificateExists(string partition, string name) + public bool CertificateExists(string partition, string crtName) { LogHandlerCommon.MethodEntry(logger, CertificateStore, "CertificateExists"); bool exists = false; try { - string crtName = GetCrtName(name, true); string query = $"/mgmt/tm/sys/file/ssl-cert/~{partition}~{crtName}"; F5SSLProfile certificate = REST.Get(query); exists = (certificate != null); @@ -406,12 +406,12 @@ private void SetItemStatus(CurrentInventoryItem agentInventoryItem) LogHandlerCommon.MethodExit(logger, CertificateStore, "SetItemStatus"); } - private CurrentInventoryItem GetInventoryItem(string partition, string name, bool hasPrivateKey) + private CurrentInventoryItem GetInventoryItem(string partition, string crtName, bool hasPrivateKey) { LogHandlerCommon.MethodEntry(logger, CertificateStore, "GetInventoryItem"); // Get the pfx/certificate contents from the filesystem (using a wildcard as the files have slightly randomized name suffixes) - X509Certificate2Collection certificateCollection = GetCertificateEntry($"/config/filestore/files_d/{partition}_d/certificate_d/:{partition}:{name}_*"); + X509Certificate2Collection certificateCollection = GetCertificateEntry($"/config/filestore/files_d/{partition}_d/certificate_d/:{partition}:{crtName}_*"); List certContents = new List(); bool useChainLevel = certificateCollection.Count > 1; foreach (X509Certificate2 certificate in certificateCollection) @@ -420,7 +420,6 @@ private CurrentInventoryItem GetInventoryItem(string partition, string name, boo //LogHandlerCommon.Debug(logger, CertificateStore, $"ALIAS: {name}: {Convert.ToBase64String(certificate.Export(X509ContentType.Cert))}"); } - string crtName = GetCrtName(name, false); CurrentInventoryItem inventoryItem = new CurrentInventoryItem { ItemStatus = OrchestratorInventoryItemStatus.Unknown, 
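Review bot: The commented-out line in `GetInventoryItem`, `//LogHandlerCommon.Debug(logger, CertificateStore, $"ALIAS: {name}: {Convert.ToBase64String(certificate.Export(X509ContentType.Cert))}");`, still refers to `name`, which this hunk renames to `crtName`, so it no longer matches the signature it sits in. Delete the dead line rather than carry stale code in a comment; if an alias trace is wanted, a live `LogHandlerCommon.Trace` on `crtName` is the place for it. The method body continues outside the hunk.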
@@ -434,61 +433,6 @@ private CurrentInventoryItem GetInventoryItem(string partition, string name, boo return inventoryItem; } - private string GetCrtName(string name, bool addExtension) - { - LogHandlerCommon.MethodEntry(logger, CertificateStore, "GetCrtName"); - string crtName = name; - - switch (F5Version.ToLowerInvariant()) - { - case "v12": - throw new Exception($"F5 Version 12 is not supported by the REST-based orchestrator. The legacy SOAP-based orchestrator should be used."); - case "v13": - if (addExtension) - { - // The .crt extension must be added - if (!crtName.EndsWith(".crt", StringComparison.OrdinalIgnoreCase)) { crtName = $"{crtName}.crt"; } - } - else - { - // The .crt extension must be removed - if (crtName.EndsWith(".crt", StringComparison.OrdinalIgnoreCase)) { crtName = crtName.Substring(0, crtName.Length - 4); } - } - break; - }; - - LogHandlerCommon.MethodExit(logger, CertificateStore, "GetCrtName"); - return crtName; - } - - private string GetKeyName(string name, bool addExtension) - { - LogHandlerCommon.MethodEntry(logger, CertificateStore, "GetKeyName"); - string keyName = name; - - // No longer checking past version 14 for future-proofing - switch (F5Version.ToLowerInvariant()) - { - case "v12": - throw new Exception($"F5 Version 12 is not supported by the REST-based orchestrator. The legacy SOAP-based orchestrator should be used."); - case "v13": - if (addExtension) - { - // The .key extension must be added - if (!keyName.EndsWith(".key", StringComparison.OrdinalIgnoreCase)) { keyName = $"{keyName}.key"; } - } - else - { - // The .key extension must be removed - if (keyName.EndsWith(".key", StringComparison.OrdinalIgnoreCase)) { keyName = keyName.Substring(0, keyName.Length - 4); } - } - break; - }; - - LogHandlerCommon.MethodExit(logger, CertificateStore, "GetKeyName"); - return keyName; - } - // Certificate PFX Shared #endregion 
@@ -728,7 +672,7 @@ public List GetSSLProfiles(int pageSize) // SSL Profiles #endregion - #region Auth + #region Auth & Version private string GetToken(string userName, string userPassword) { @@ -739,6 +683,39 @@ private string GetToken(string userName, string userPassword) return loginResponse.token.token; } + + internal void RemoveToken() + { + LogHandlerCommon.MethodEntry(logger, CertificateStore, "RemoveToken"); + REST.Delete($"/mgmt/shared/authz/tokens/{REST.Token}"); + LogHandlerCommon.MethodExit(logger, CertificateStore, "RemoveToken"); + } + + internal void ValidateF5Version() + { + LogHandlerCommon.MethodEntry(logger, CertificateStore, "IsVersionSupported"); + + string query = $"/mgmt/tm/sys/version"; + F5Version f5Version = REST.Get(query); + LogHandlerCommon.Debug(logger, CertificateStore, $"Version supported self link: {f5Version.selfLink}"); + if (!f5Version.selfLink.Contains(VERSION_DELIMITER)) + return; + + string selfLink = f5Version.selfLink; + string strVersion = selfLink.Substring(selfLink.IndexOf(VERSION_DELIMITER, StringComparison.CurrentCultureIgnoreCase) + VERSION_DELIMITER.Length, 2); + int version; + if (!int.TryParse(strVersion, out version)) + return; + + LogHandlerCommon.MethodExit(logger, CertificateStore, "IsVersionSupported"); + + if (version < MIN_VERSION_SUPPORTED) + { + string errMesage = $"F5 version {version.ToString()} not supported by this version of the F5 Orchestrator Extension. This orchestrator extension only supports verion {MIN_VERSION_SUPPORTED.ToString()} and later."; + logger.LogError(errMesage); + throw new Exception(errMesage); + } + } #endregion #region Bundles 
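Review bot: `ValidateF5Version` reads the major version as a fixed two-character `Substring` after `?ver=`, so a single-digit major (`?ver=9.x`) yields `9.`, fails `int.TryParse`, and the method returns without error — the gate is bypassed for exactly the releases it should reject, and the same silent `return` applies when the self link carries no `?ver=` at all. The two early returns also skip `MethodExit`, which is instead logged before the throw, and both entry and exit log the name `IsVersionSupported` rather than the method's own. Parse up to the first `.` instead, log whenever the version cannot be determined, and search the URL with `StringComparison.Ordinal`; `version.ToString()` inside the interpolation is redundant and the message has typos (`errMesage`, `verion`). If a device that reports no parseable version is meant to be allowed through, that is a deliberate fail-open and deserves a comment saying so.
```csharp
internal void ValidateF5Version()
{
    LogHandlerCommon.MethodEntry(logger, CertificateStore, "ValidateF5Version");

    // … unchanged: REST.Get of /mgmt/tm/sys/version into f5Version and the Debug log of its selfLink …

    string selfLink = f5Version?.selfLink ?? string.Empty;
    int delimiterPos = selfLink.IndexOf(VERSION_DELIMITER, StringComparison.Ordinal);
    if (delimiterPos < 0)
    {
        // No "?ver=" on the self link: the version cannot be checked, so say so instead of passing silently.
        logger.LogWarning($"Unable to determine F5 version from self link '{selfLink}'; skipping version validation.");
        LogHandlerCommon.MethodExit(logger, CertificateStore, "ValidateF5Version");
        return;
    }

    // Take the whole major component (up to the first '.'), not a fixed two characters.
    string versionText = selfLink.Substring(delimiterPos + VERSION_DELIMITER.Length);
    int dotPos = versionText.IndexOf('.');
    string majorText = dotPos < 0 ? versionText : versionText.Substring(0, dotPos);
    if (!int.TryParse(majorText, out int major))
    {
        logger.LogWarning($"Unable to parse F5 major version '{majorText}' from self link '{selfLink}'; skipping version validation.");
        LogHandlerCommon.MethodExit(logger, CertificateStore, "ValidateF5Version");
        return;
    }

    if (major < MIN_VERSION_SUPPORTED)
    {
        string errMessage = $"F5 version {major} not supported by this version of the F5 Orchestrator Extension. This orchestrator extension only supports version {MIN_VERSION_SUPPORTED} and later.";
        logger.LogError(errMessage);
        throw new NotSupportedException(errMessage);
    }

    LogHandlerCommon.MethodExit(logger, CertificateStore, "ValidateF5Version");
}
```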
@@ -822,8 +799,7 @@ public bool EntryExistsInBundle(string alias) List bundleIncludes = new List(GetCABundleIncludes()); string partition = GetPartitionFromStorePath(); - string crtName = GetCrtName(alias, true); - exists = bundleIncludes.Any(i => i.Equals($"/{partition}/{crtName}", StringComparison.OrdinalIgnoreCase)); + exists = bundleIncludes.Any(i => i.Equals($"/{partition}/{alias}", StringComparison.OrdinalIgnoreCase)); LogHandlerCommon.MethodExit(logger, CertificateStore, "EntryExistsInBundle"); return exists; 
@@ -855,26 +831,25 @@ private string[] GetCABundleIncludes() return includeBundle; } - public void AddBundleEntry(string bundle, string partition, string name, string b64Certificate, string alias, bool overwrite) + public void AddBundleEntry(string bundle, string partition, string crtName, string b64Certificate, string alias, bool overwrite) { LogHandlerCommon.MethodEntry(logger, CertificateStore, "AddBundleEntry"); // Add the entry to inventory - if (!CertificateExists(partition, name)) + if (!CertificateExists(partition, crtName)) { - LogHandlerCommon.Debug(logger, CertificateStore, $"Add entry '{name}' in '{CertificateStore.StorePath}'"); - AddEntry(partition, name, b64Certificate, null); + LogHandlerCommon.Debug(logger, CertificateStore, $"Add entry '{crtName}' in '{CertificateStore.StorePath}'"); + AddEntry(partition, crtName, b64Certificate, null); } else { - if (!overwrite) { throw new Exception($"An entry named '{name}' exists and 'overwrite' was not selected"); } + if (!overwrite) { throw new Exception($"An entry named '{crtName}' exists and 'overwrite' was not selected"); } - LogHandlerCommon.Debug(logger, CertificateStore, $"Replace entry '{name}' in '{CertificateStore.StorePath}'"); - ReplaceEntry(partition, name, b64Certificate, null); + LogHandlerCommon.Debug(logger, CertificateStore, $"Replace entry '{crtName}' in '{CertificateStore.StorePath}'"); + ReplaceEntry(partition, crtName, b64Certificate, null); } // Add the entry to the bundle - string crtName = GetCrtName(name, true); string crt = $"/{partition}/{crtName}"; List bundleIncludes = new List(GetCABundleIncludes()); if (!bundleIncludes.Contains(crt)) 
@@ -886,11 +861,10 @@ public void AddBundleEntry(string bundle, string partition, string name, string LogHandlerCommon.MethodExit(logger, CertificateStore, "AddBundleEntry"); } - public void RemoveBundleEntry(string bundle, string partition, string name) + public void RemoveBundleEntry(string bundle, string partition, string crtName) { LogHandlerCommon.MethodEntry(logger, CertificateStore, "RemoveBundleEntry"); - string crtName = GetCrtName(name, true); string crtEntry = $"/{partition}/{crtName}"; LogHandlerCommon.Trace(logger, CertificateStore, $"Preparing to remove bundle entry '{crtEntry}'"); diff --git a/F5DataModels.cs b/F5DataModels.cs index 7ea6aae..5eff794 100644 --- a/F5DataModels.cs +++ b/F5DataModels.cs @@ -157,6 +157,11 @@ public class F5LoginToken public string token { get; set; } } + public class F5Version + { + public string selfLink { get; set; } + } + // F5 data models #endregion } diff --git a/F5JobBase.cs b/F5JobBase.cs index df7edcf..9cb0fec 100644 --- a/F5JobBase.cs +++ b/F5JobBase.cs @@ -7,7 +7,8 @@ // OR CONDITIONS OF ANY KIND, either express or implied. See the License for // thespecific language governing permissions and limitations under the // License. -using Keyfactor.Orchestrators.Extensions.Interfaces; +using Keyfactor.Orchestrators.Extensions; +using Keyfactor.Orchestrators.Extensions.Interfaces; using Microsoft.Extensions.Logging; using System; using System.Collections.Generic; @@ -22,6 +23,8 @@ public class F5JobBase protected string ServerPassword { get; set; } + protected string StorePassword { get; set; } + public IPAMSecretResolver _resolver; internal void SetPAMSecrets(string serverUserName, string serverPassword, ILogger logger) 
@@ -29,5 +32,21 @@ internal void SetPAMSecrets(string serverUserName, string serverPassword, ILogge ServerUserName = PAMUtilities.ResolvePAMField(_resolver, logger, "Server User Name", serverUserName); ServerPassword = PAMUtilities.ResolvePAMField(_resolver, logger, "Server Password", serverPassword); } + + internal void SetPAMSecrets(string serverUserName, string serverPassword, string storePassword, ILogger logger) + { + ServerUserName = PAMUtilities.ResolvePAMField(_resolver, logger, "Server User Name", serverUserName); + ServerPassword = PAMUtilities.ResolvePAMField(_resolver, logger, "Server Password", serverPassword); + StorePassword = PAMUtilities.ResolvePAMField(_resolver, logger, "Store Password", storePassword); + } + + internal void ValidateF5Release(ILogger logger, CertificateStore certificateStore, F5Client f5Client) + { + LogHandlerCommon.MethodEntry(logger, certificateStore, "ValidateF5Release"); + + f5Client.ValidateF5Version(); + + LogHandlerCommon.MethodExit(logger, certificateStore, "ValidateF5Release"); + } } } diff --git a/F5Orchestrator.csproj b/F5Orchestrator.csproj index 6b8b133..1f0df23 100644 --- a/F5Orchestrator.csproj +++ b/F5Orchestrator.csproj @@ -1,12 +1,10 @@  - false - netcoreapp3.1 + true + net6.0;net8.0 true - 13.3 - 13.3.0.0 - 13.3.0.0 + disable @@ -14,10 +12,10 @@ - - - - + + Always + + diff --git a/InventoryBase.cs b/InventoryBase.cs index 67ea6bc..9b136d8 100644 --- a/InventoryBase.cs +++ b/InventoryBase.cs 
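Review bot: The new four-argument `SetPAMSecrets` repeats the two `ResolvePAMField` calls of the three-argument overload verbatim, so any change to how the server credentials resolve has to be made in two places. Have it delegate instead: `SetPAMSecrets(serverUserName, serverPassword, logger);` followed by `StorePassword = PAMUtilities.ResolvePAMField(_resolver, logger, "Store Password", storePassword);`. `ValidateF5Release` only wraps `f5Client.ValidateF5Version()` in entry/exit logging; a `/// <summary>` stating that it throws when the device reports a release older than the supported minimum would tell job implementers that they need to handle that exception in `ProcessJob`.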
@@ -21,11 +21,10 @@ public abstract class InventoryBase : F5JobBase, IInventoryJobExtension protected InventoryJobConfiguration JobConfig { get; set; } - protected string F5Version { get; set; } protected bool IgnoreSSLWarning { get; set; } protected bool UseTokenAuth { get; set; } - public string ExtensionName => string.Empty; + public string ExtensionName => "Keyfactor.Extensions.Orchestrator.F5Orchestrator.Inventory"; public abstract JobResult ProcessJob(InventoryJobConfiguration config, SubmitInventoryUpdate submitInventory); @@ -34,10 +33,6 @@ protected void ParseJobProperties() LogHandlerCommon.MethodEntry(logger, JobConfig.CertificateStoreDetails, "ParseJobProperties"); dynamic properties = JsonConvert.DeserializeObject(JobConfig.CertificateStoreDetails.Properties.ToString()); - if (string.IsNullOrEmpty(properties.F5Version?.ToString())) { throw new Exception("Missing job property string: F5Version"); } - F5Version = properties.F5Version.ToString(); - LogHandlerCommon.Trace(logger, JobConfig.CertificateStoreDetails, $"F5 version '{F5Version}'"); - IgnoreSSLWarning = properties.IgnoreSSLWarning == null || string.IsNullOrEmpty(properties.IgnoreSSLWarning.Value) ? false : bool.Parse(properties.IgnoreSSLWarning.Value); UseTokenAuth = properties.UseTokenAuth == null || string.IsNullOrEmpty(properties.UseTokenAuth.Value) ? false : bool.Parse(properties.UseTokenAuth.Value); LogHandlerCommon.Trace(logger, JobConfig.CertificateStoreDetails, $"Ignore SSL Warnings '{IgnoreSSLWarning.ToString()}'"); diff --git a/ManagementBase.cs b/ManagementBase.cs index 7636879..92c41c8 100644 --- a/ManagementBase.cs +++ b/ManagementBase.cs 
@@ -26,11 +26,10 @@ public abstract class ManagementBase : F5JobBase, IManagementJobExtension protected int PrimaryNodeRetryMax { get; set; } protected int PrimaryNodeRetryWaitSecs { get; set; } protected int _primaryNodeRetryCount = 0; - protected string F5Version { get; set; } protected bool IgnoreSSLWarning { get; set; } protected bool UseTokenAuth { get; set; } - public string ExtensionName => string.Empty; + public string ExtensionName => "Keyfactor.Extensions.Orchestrator.F5Orchestrator.Management"; public abstract JobResult ProcessJob(ManagementJobConfiguration config); @@ -78,10 +77,6 @@ protected void ParseJobProperties() LogHandlerCommon.Debug(logger, JobConfig.CertificateStoreDetails, "The primary node is not required to be active"); } - if (string.IsNullOrEmpty(properties.F5Version?.ToString())) { throw new Exception("Missing job property string: F5Version"); } - F5Version = properties.F5Version.ToString(); - LogHandlerCommon.Trace(logger, JobConfig.CertificateStoreDetails, $"F5 version '{F5Version}'"); - IgnoreSSLWarning = properties.IgnoreSSLWarning == null || string.IsNullOrEmpty(properties.IgnoreSSLWarning.Value) ? false : bool.Parse(properties.IgnoreSSLWarning.Value); UseTokenAuth = properties.UseTokenAuth == null || string.IsNullOrEmpty(properties.UseTokenAuth.Value) ? false : bool.Parse(properties.UseTokenAuth.Value); LogHandlerCommon.Trace(logger, JobConfig.CertificateStoreDetails, $"Ignore SSL Warnings '{IgnoreSSLWarning.ToString()}'"); diff --git a/README.md b/README.md index 6df838a..0346568 100644 --- a/README.md +++ b/README.md @@ -1,254 +1,700 @@ +

+ F5 Universal Orchestrator Extension +

+ +

+ +Integration Status: production +Release +Issues +GitHub Downloads (all assets, all releases) +

-# F5 +

+ + + Support + + · + + Installation + + · + + License + + · + + Related Integrations + +

-The F5 Orchestrator allows for the remote management of F5 Stores. Discovery, Inventory, and Management functions are supported. +## Overview -#### Integration status: Production - Ready for use in production environments. +The F5 Orchestrator supports three different types of certificates stores with the capabilities for each below: -## About the Keyfactor Universal Orchestrator Extension +- CA Bundles + - Discovery + - Inventory* + - Management (Add and Remove) +- Web Server Device Certificates + - Inventory* + - Management (Add, but replacement/renewal of existing certificate only) +- SSL Certificates + - Discovery + - Inventory* + - Management (Add and Remove) -This repository contains a Universal Orchestrator Extension which is a plugin to the Keyfactor Universal Orchestrator. Within the Keyfactor Platform, Orchestrators are used to manage “certificate stores” — collections of certificates and roots of trust that are found within and used by various applications. +*Special note on private keys: One of the pieces of information that Keyfactor collects during an Inventory job is whether or not the certificate stored in F5 has a private key. The private key is NEVER actually retrieved by Keyfactor, but Keyfactor does track whether one exists. F5 does not provide an API to determine this, so by convention, all CA Bundle certificates are deemed to not have private keys, while Web Server and SSL certificates are deemed to have them. Any Management jobs adding (new or renewal) a certificate will renew without the private key for CA Bundle stores and with the private key for Web Server or SSL stores. -The Universal Orchestrator is part of the Keyfactor software distribution and is available via the Keyfactor customer portal. For general instructions on installing Extensions, see the “Keyfactor Command Orchestrator Installation and Configuration Guide” section of the Keyfactor documentation. 
For configuration details of this specific Extension see below in this readme. +The F5 Universal Orchestrator extension implements 3 Certificate Store Types. Depending on your use case, you may elect to use one, or all of these Certificate Store Types. Descriptions of each are provided below. -The Universal Orchestrator is the successor to the Windows Orchestrator. This Orchestrator Extension plugin only works with the Universal Orchestrator and does not work with the Windows Orchestrator. -## Support for F5 +## Compatibility -F5 is supported by Keyfactor for Keyfactor customers. If you have a support issue, please open a support ticket via the Keyfactor Support Portal at https://support.keyfactor.com +This integration is compatible with Keyfactor Universal Orchestrator version 10.1 and later. -###### To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab. +## Support +The F5 Universal Orchestrator extension is supported by Keyfactor for Keyfactor customers. If you have a support issue, please open a support ticket with your Keyfactor representative. If you have a support issue, please open a support ticket via the Keyfactor Support Portal at https://support.keyfactor.com. + +> To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab. ---- +## Requirements & Prerequisites +Before installing the F5 Universal Orchestrator extension, we recommend that you install [kfutil](https://github.com/Keyfactor/kfutil). Kfutil is a command-line tool that simplifies the process of creating store types, installing extensions, and instantiating certificate stores in Keyfactor Command. ---- +An administrator account must be set up in F5 to be used with this orchestrator extension. 
This F5 user id is what must be used as credentials when setting up a Keyfactor Command certificate store pointing to the F5 device intending to be managed. -## Keyfactor Version Supported +## Create Certificate Store Types -The minimum version of the Keyfactor Universal Orchestrator Framework needed to run this version of the extension is 10.1 -## Platform Specific Notes +To use the F5 Universal Orchestrator extension, you **must** create the Certificate Store Types required for your usecase. This only needs to happen _once_ per Keyfactor Command instance. -The Keyfactor Universal Orchestrator may be installed on either Windows or Linux based platforms. The certificate operations supported by a capability may vary based what platform the capability is installed on. The table below indicates what capabilities are supported based on which platform the encompassing Universal Orchestrator is running. -| Operation | Win | Linux | -|-----|-----|------| -|Supports Management Add|✓ |✓ | -|Supports Management Remove|✓ |✓ | -|Supports Create Store| | | -|Supports Discovery|✓ |✓ | -|Supports Reenrollment| | | -|Supports Inventory|✓ |✓ | +The F5 Universal Orchestrator extension implements 3 Certificate Store Types. Depending on your use case, you may elect to use one, or all of these Certificate Store Types. +
F5 SSL Profiles REST (F5-SL-REST) -## PAM Integration -This orchestrator extension has the ability to connect to a variety of supported PAM providers to allow for the retrieval of various client hosted secrets right from the orchestrator server itself. This eliminates the need to set up the PAM integration on Keyfactor Command which may be in an environment that the client does not want to have access to their PAM provider. +* **Create F5-SL-REST using kfutil**: -The secrets that this orchestrator extension supports for use with a PAM Provider are: + ```shell + # F5 SSL Profiles REST + kfutil store-types create F5-SL-REST + ``` -|Name|Description| -|----|-----------| -|ServerUsername|The user id that will be used to authenticate to the F5 installation| -|ServerPassword|The password that will be used to authenticate to the F5 installation| - +* **Create F5-SL-REST manually in the Command UI**: +
Create F5-SL-REST manually in the Command UI -It is not necessary to use a PAM Provider for all of the secrets available above. If a PAM Provider should not be used, simply enter in the actual value to be used, as normal. + Create a store type called `F5-SL-REST` with the attributes in the tables below: -If a PAM Provider will be used for one of the fields above, start by referencing the [Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam). The GitHub repo for the PAM Provider to be used contains important information such as the format of the `json` needed. What follows is an example but does not reflect the `json` values for all PAM Providers as they have different "instance" and "initialization" parameter names and values. + #### Basic Tab + | Attribute | Value | Description | + | --------- | ----- | ----- | + | Name | F5 SSL Profiles REST | Display name for the store type (may be customized) | + | Short Name | F5-SL-REST | Short display name for the store type | + | Capability | F5-SL-REST | Store type name orchestrator will register with. Check the box to allow entry of value | + | Supports Add | ✅ Checked | Check the box. Indicates that the Store Type supports Management Add | + | Supports Remove | ✅ Checked | Check the box. Indicates that the Store Type supports Management Remove | + | Supports Discovery | ✅ Checked | Check the box. 
Indicates that the Store Type supports Discovery | + | Supports Reenrollment | 🔲 Unchecked | Indicates that the Store Type supports Reenrollment | + | Supports Create | 🔲 Unchecked | Indicates that the Store Type supports store creation | + | Needs Server | ✅ Checked | Determines if a target server name is required when creating store | + | Blueprint Allowed | ✅ Checked | Determines if store type may be included in an Orchestrator blueprint | + | Uses PowerShell | 🔲 Unchecked | Determines if underlying implementation is PowerShell | + | Requires Store Password | ✅ Checked | Enables users to optionally specify a store password when defining a Certificate Store. | + | Supports Entry Password | 🔲 Unchecked | Determines if an individual entry within a store can have a password. | -
General PAM Provider Configuration -

+ The Basic tab should look like this: + ![F5-SL-REST Basic Tab](docsource/images/F5-SL-REST-basic-store-type-dialog.png) + #### Advanced Tab + | Attribute | Value | Description | + | --------- | ----- | ----- | + | Supports Custom Alias | Required | Determines if an individual entry within a store can have a custom Alias. | + | Private Key Handling | Optional | This determines if Keyfactor can send the private key associated with a certificate to the store. Required because IIS certificates without private keys would be invalid. | + | PFX Password Style | Default | 'Default' - PFX password is randomly generated, 'Custom' - PFX password may be specified when the enrollment job is created (Requires the Allow Custom Password application setting to be enabled.) | -### Example PAM Provider Setup + The Advanced tab should look like this: -To use a PAM Provider to resolve a field, in this example the __Server Password__ will be resolved by the `Hashicorp-Vault` provider, first install the PAM Provider extension from the [Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam) on the Universal Orchestrator. + ![F5-SL-REST Advanced Tab](docsource/images/F5-SL-REST-advanced-store-type-dialog.png) -Next, complete configuration of the PAM Provider on the UO by editing the `manifest.json` of the __PAM Provider__ (e.g. located at extensions/Hashicorp-Vault/manifest.json). The "initialization" parameters need to be entered here: + #### Custom Fields Tab + Custom fields operate at the certificate store level and are used to control how the orchestrator connects to the remote target server containing the certificate store to be managed. 
The following custom fields should be added to the store type: -~~~ json - "Keyfactor:PAMProviders:Hashicorp-Vault:InitializationInfo": { - "Host": "http://127.0.0.1:8200", - "Path": "v1/secret/data", - "Token": "xxxxxx" - } -~~~ + | Name | Display Name | Description | Type | Default Value/Options | Required | + | ---- | ------------ | ---- | --------------------- | -------- | ----------- | + | PrimaryNode | Primary Node | Only required (and shown) if Primary Node Online Required is added and selected. Enter the Host Name of the F5 device that acts as the primary node in a highly available F5 implementation. Please note that this value IS case sensitive. | String | | ✅ Checked | + | PrimaryNodeCheckRetryWaitSecs | Primary Node Check Retry Wait Seconds | Enter the number of seconds to wait between attempts to add/replace/renew a certificate if the node is inactive. | String | 120 | ✅ Checked | + | PrimaryNodeCheckRetryMax | Primary Node Check Retry Maximum | Enter the number of times a Management-Add job will attempt to add/replace/renew a certificate if the node is inactive before failing. | String | 3 | ✅ Checked | + | PrimaryNodeOnlineRequired | Primary Node Online Required | Select this if you wish to stop the orchestrator from adding, replacing or renewing certificates on nodes that are inactive. If this is not selected, adding, replacing and renewing certificates on inactive nodes will be allowed. If you choose not to add this custom field, the default value of False will be assumed. | Bool | | ✅ Checked | + | IgnoreSSLWarning | Ignore SSL Warning | Select this if you wish to ignore SSL warnings from F5 that occur during API calls when the site does not have a trusted certificate with the proper SAN bound to it. If you choose not to add this custom field, the default value of False will be assumed and SSL warnings will cause errors during orchestrator extension jobs. 
| Bool | False | ✅ Checked | + | UseTokenAuth | Use Token Authentication | Select this if you wish to use F5's token authentiation instead of basic authentication for all API requests. If you choose not to add this custom field, the default value of False will be assumed and basic authentication will be used for all API requests for all jobs. Setting this value to True will enable an initial basic authenticated request to acquire an authentication token, which will then be used for all subsequent API requests. | Bool | false | ✅ Checked | + | ServerUsername | Server Username | Login credential for the F5 device. MUST be an Admin account. | Secret | | 🔲 Unchecked | + | ServerPassword | Server Password | Login password for the F5 device. | Secret | | 🔲 Unchecked | + | ServerUseSsl | Use SSL | True if using https to access the F5 device. False if using http. | Bool | true | ✅ Checked | -After these values are entered, the Orchestrator needs to be restarted to pick up the configuration. Now the PAM Provider can be used on other Orchestrator Extensions. + The Custom Fields tab should look like this: -### Use the PAM Provider -With the PAM Provider configured as an extenion on the UO, a `json` object can be passed instead of an actual value to resolve the field with a PAM Provider. Consult the [Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam) for the specific format of the `json` object. + ![F5-SL-REST Custom Fields Tab](docsource/images/F5-SL-REST-custom-fields-store-type-dialog.png) -To have the __Server Password__ field resolved by the `Hashicorp-Vault` provider, the corresponding `json` object from the `Hashicorp-Vault` extension needs to be copied and filed in with the correct information: -~~~ json -{"Secret":"my-kv-secret","Key":"myServerPassword"} -~~~ -This text would be entered in as the value for the __Server Password__, instead of entering in the actual password. 
The Orchestrator will attempt to use the PAM Provider to retrieve the __Server Password__. If PAM should not be used, just directly enter in the value for the field. -

-
+
+
+
F5 WS Profiles REST (F5-WS-REST) +* **Create F5-WS-REST using kfutil**: ---- + ```shell + # F5 WS Profiles REST + kfutil store-types create F5-WS-REST + ``` +* **Create F5-WS-REST manually in the Command UI**: +
Create F5-WS-REST manually in the Command UI -**Please note that this integration will work with the Universal Orchestrator version 10.1 or earlier, OR 10.4.1 or greater** + Create a store type called `F5-WS-REST` with the attributes in the tables below: -## Use Cases + #### Basic Tab + | Attribute | Value | Description | + | --------- | ----- | ----- | + | Name | F5 WS Profiles REST | Display name for the store type (may be customized) | + | Short Name | F5-WS-REST | Short display name for the store type | + | Capability | F5-WS-REST | Store type name orchestrator will register with. Check the box to allow entry of value | + | Supports Add | ✅ Checked | Check the box. Indicates that the Store Type supports Management Add | + | Supports Remove | 🔲 Unchecked | Indicates that the Store Type supports Management Remove | + | Supports Discovery | 🔲 Unchecked | Indicates that the Store Type supports Discovery | + | Supports Reenrollment | 🔲 Unchecked | Indicates that the Store Type supports Reenrollment | + | Supports Create | 🔲 Unchecked | Indicates that the Store Type supports store creation | + | Needs Server | ✅ Checked | Determines if a target server name is required when creating store | + | Blueprint Allowed | ✅ Checked | Determines if store type may be included in an Orchestrator blueprint | + | Uses PowerShell | 🔲 Unchecked | Determines if underlying implementation is PowerShell | + | Requires Store Password | 🔲 Unchecked | Enables users to optionally specify a store password when defining a Certificate Store. | + | Supports Entry Password | 🔲 Unchecked | Determines if an individual entry within a store can have a password. 
| -The F5 Orchestrator supports three different types of certificates stores with the capabilities for each below: + The Basic tab should look like this: -- CA Bundles - - Discovery - - Inventory* - - Management (Add and Remove) -- Web Server Device Certificates - - Inventory* - - Management (Add, but replacement/renewal of existing certificate only) -- SSL Certificates - - Discovery - - Inventory* - - Management (Add and Remove) + ![F5-WS-REST Basic Tab](docsource/images/F5-WS-REST-basic-store-type-dialog.png) -*Special note on private keys: One of the pieces of information that Keyfactor collects during an Inventory job is whether or not the certificate stored in F5 has a private key. The private key is NEVER actually retrieved by Keyfactor, but Keyfactor does track whether one exists. F5 does not provide an API to determine this, so by convention, all CA Bundle certificates are deemed to not have private keys, while Web Server and SSL certificates are deemed to have them. Any Management jobs adding (new or renewal) a certificate will renew without the private key for CA Bundle stores and with the private key for Web Server or SSL stores. + #### Advanced Tab + | Attribute | Value | Description | + | --------- | ----- | ----- | + | Supports Custom Alias | Forbidden | Determines if an individual entry within a store can have a custom Alias. | + | Private Key Handling | Required | This determines if Keyfactor can send the private key associated with a certificate to the store. Required because IIS certificates without private keys would be invalid. | + | PFX Password Style | Default | 'Default' - PFX password is randomly generated, 'Custom' - PFX password may be specified when the enrollment job is created (Requires the Allow Custom Password application setting to be enabled.) 
| + The Advanced tab should look like this: + ![F5-WS-REST Advanced Tab](docsource/images/F5-WS-REST-advanced-store-type-dialog.png) + #### Custom Fields Tab + Custom fields operate at the certificate store level and are used to control how the orchestrator connects to the remote target server containing the certificate store to be managed. The following custom fields should be added to the store type: -## Versioning + | Name | Display Name | Description | Type | Default Value/Options | Required | + | ---- | ------------ | ---- | --------------------- | -------- | ----------- | + | PrimaryNode | Primary Node | Only required (and shown) if Primary Node Online Required is added and selected. Enter the Host Name of the F5 device that acts as the primary node in a highly available F5 implementation. Please note that this value IS case sensitive. | String | | ✅ Checked | + | PrimaryNodeCheckRetryWaitSecs | Primary Node Check Retry Wait Seconds | Enter the number of seconds to wait between attempts to add/replace/renew a certificate if the node is inactive. | String | 120 | ✅ Checked | + | PrimaryNodeCheckRetryMax | Primary Node Check Retry Maximum | Enter the number of times a Management-Add job will attempt to add/replace/renew a certificate if the node is inactive before failing. | String | 3 | ✅ Checked | + | PrimaryNodeOnlineRequired | Primary Node Online Required | Select this if you wish to stop the orchestrator from adding, replacing or renewing certificates on nodes that are inactive. If this is not selected, adding, replacing and renewing certificates on inactive nodes will be allowed. If you choose not to add this custom field, the default value of False will be assumed. | Bool | | ✅ Checked | + | IgnoreSSLWarning | Ignore SSL Warning | Select this if you wish to ignore SSL warnings from F5 that occur during API calls when the site does not have a trusted certificate with the proper SAN bound to it. 
If you choose not to add this custom field, the default value of False will be assumed and SSL warnings will cause errors during orchestrator extension jobs. | Bool | False | ✅ Checked | + | UseTokenAuth | Use Token Authentication | Select this if you wish to use F5's token authentiation instead of basic authentication for all API requests. If you choose not to add this custom field, the default value of False will be assumed and basic authentication will be used for all API requests for all jobs. Setting this value to True will enable an initial basic authenticated request to acquire an authentication token, which will then be used for all subsequent API requests. | Bool | false | ✅ Checked | + | ServerUsername | Server Username | Login credential for the F5 device. MUST be an Admin account. | Secret | | 🔲 Unchecked | + | ServerPassword | Server Password | Login password for the F5 device. | Secret | | 🔲 Unchecked | + | ServerUseSsl | Use SSL | True if using https to access the F5 device. False if using http. | Bool | true | ✅ Checked | -The version number of a the F5 Orchestrator can be verified by right clicking on the F5Orchestrator.dll file, selecting Properties, and then clicking on the Details tab. + The Custom Fields tab should look like this: -## F5 Orchestrator Installation + ![F5-WS-REST Custom Fields Tab](docsource/images/F5-WS-REST-custom-fields-store-type-dialog.png) -1. Stop the Keyfactor Universal Orchestrator Service. -2. In the Keyfactor Orchestrator installation folder (by convention usually C:\Program Files\Keyfactor\Keyfactor Orchestrator), find the "extensions" folder. Underneath that, create a new folder named F5 or another name of your choosing. -3. Download the latest version of the F5 Orchestrator from [GitHub](https://github.com/Keyfactor/f5-rest-orchestrator). -4. Copy the contents of the download installation zip file into the folder created in step 1. -5. Start the Keyfactor Universal Orchestrator Service. 
-## F5 Orchestrator Configuration +
+
-**1. In Keyfactor Command, if any of the aforementioned certificate store types do not already exist, create a new certificate store type for each of the 3 that you wish to manage by navigating to Settings (the "gear" icon in the top right) => Certificate Store Types.** +
F5 CA Profiles REST (F5-CA-REST) -**CA Bundles:** -![](images/image1.png) -![](images/image2.png) +* **Create F5-CA-REST using kfutil**: + ```shell + # F5 CA Profiles REST + kfutil store-types create F5-CA-REST + ``` +* **Create F5-CA-REST manually in the Command UI**: +
Create F5-CA-REST manually in the Command UI -**Web Server Certificates** + Create a store type called `F5-CA-REST` with the attributes in the tables below: -![](images/image9.png) -![](images/image10.png) + #### Basic Tab + | Attribute | Value | Description | + | --------- | ----- | ----- | + | Name | F5 CA Profiles REST | Display name for the store type (may be customized) | + | Short Name | F5-CA-REST | Short display name for the store type | + | Capability | F5-CA-REST | Store type name orchestrator will register with. Check the box to allow entry of value | + | Supports Add | ✅ Checked | Check the box. Indicates that the Store Type supports Management Add | + | Supports Remove | ✅ Checked | Check the box. Indicates that the Store Type supports Management Remove | + | Supports Discovery | ✅ Checked | Check the box. Indicates that the Store Type supports Discovery | + | Supports Reenrollment | 🔲 Unchecked | Indicates that the Store Type supports Reenrollment | + | Supports Create | 🔲 Unchecked | Indicates that the Store Type supports store creation | + | Needs Server | ✅ Checked | Determines if a target server name is required when creating store | + | Blueprint Allowed | ✅ Checked | Determines if store type may be included in an Orchestrator blueprint | + | Uses PowerShell | 🔲 Unchecked | Determines if underlying implementation is PowerShell | + | Requires Store Password | 🔲 Unchecked | Enables users to optionally specify a store password when defining a Certificate Store. | + | Supports Entry Password | 🔲 Unchecked | Determines if an individual entry within a store can have a password. | + The Basic tab should look like this: + ![F5-CA-REST Basic Tab](docsource/images/F5-CA-REST-basic-store-type-dialog.png) -**SSL Certificates** + #### Advanced Tab + | Attribute | Value | Description | + | --------- | ----- | ----- | + | Supports Custom Alias | Required | Determines if an individual entry within a store can have a custom Alias. 
| + | Private Key Handling | Forbidden | This determines if Keyfactor can send the private key associated with a certificate to the store. Required because IIS certificates without private keys would be invalid. | + | PFX Password Style | Default | 'Default' - PFX password is randomly generated, 'Custom' - PFX password may be specified when the enrollment job is created (Requires the Allow Custom Password application setting to be enabled.) | -![](images/image11.png) -![](images/image12.png) + The Advanced tab should look like this: -- **Name** – Required. The display name of the new Certificate Store Type -- **Short Name** – Required. This value ***must match*** the folder name for this store type under the "extensions" folder in the install path. -- **Custom Capability** - Leave unchecked -- **Supported Job Types** – Select Inventory and Add for all 3 types, and Discovery for CA Bundles and SSL Certificates. -- **General Settings** - Select Needs Server. Leave Uses PowerShell unchecked. Select Blueprint Allowed if you plan to use blueprinting. -- **Password Settings** - Leave both options unchecked for F5-WS-REST and F5-CA-REST. Select Needs Store Password for F5-SL-REST. -- **All selections on Advanced tab** - Set the values on this tab ***exactly*** as they are shown in the above screen prints for each applicable store type. + ![F5-CA-REST Advanced Tab](docsource/images/F5-CA-REST-advanced-store-type-dialog.png) + #### Custom Fields Tab + Custom fields operate at the certificate store level and are used to control how the orchestrator connects to the remote target server containing the certificate store to be managed. The following custom fields should be added to the store type: + | Name | Display Name | Description | Type | Default Value/Options | Required | + | ---- | ------------ | ---- | --------------------- | -------- | ----------- | + | PrimaryNode | Primary Node | Only required (and shown) if Primary Node Online Required is added and selected. 
Enter the Host Name of the F5 device that acts as the primary node in a highly available F5 implementation. Please note that this value IS case sensitive. | String | | ✅ Checked | + | PrimaryNodeCheckRetryWaitSecs | Primary Node Check Retry Wait Seconds | Enter the number of seconds to wait between attempts to add/replace/renew a certificate if the node is inactive. | String | 120 | ✅ Checked | + | PrimaryNodeCheckRetryMax | Primary Node Check Retry Maximum | Enter the number of times a Management-Add job will attempt to add/replace/renew a certificate if the node is inactive before failing. | String | 3 | ✅ Checked | + | PrimaryNodeOnlineRequired | Primary Node Online Required | Select this if you wish to stop the orchestrator from adding, replacing or renewing certificates on nodes that are inactive. If this is not selected, adding, replacing and renewing certificates on inactive nodes will be allowed. If you choose not to add this custom field, the default value of False will be assumed. | Bool | | ✅ Checked | + | IgnoreSSLWarning | Ignore SSL Warning | Select this if you wish to ignore SSL warnings from F5 that occur during API calls when the site does not have a trusted certificate with the proper SAN bound to it. If you choose not to add this custom field, the default value of False will be assumed and SSL warnings will cause errors during orchestrator extension jobs. | Bool | False | ✅ Checked | + | UseTokenAuth | Use Token Authentication | Select this if you wish to use F5's token authentiation instead of basic authentication for all API requests. If you choose not to add this custom field, the default value of False will be assumed and basic authentication will be used for all API requests for all jobs. Setting this value to True will enable an initial basic authenticated request to acquire an authentication token, which will then be used for all subsequent API requests. 
| Bool | false | ✅ Checked | + | ServerUsername | Server Username | Login credential for the F5 device. MUST be an Admin account. | Secret | | 🔲 Unchecked | + | ServerPassword | Server Password | Login password for the F5 device. | Secret | | 🔲 Unchecked | + | ServerUseSsl | Use SSL | True if using https to access the F5 device. False if using http. | Bool | true | ✅ Checked | -The Custom Fields tab contains 10 custom store parameters (3 of which, Server Username, Server Password, and Use SSL were set up on the Basic tab and are not actually custom parameters you need or want to modify on this tab). The set up is consistent across store types, and should look as follows: + The Custom Fields tab should look like this: -![](images/image3.png)
-![](images/image6.png)
-![](images/image7.png)
-![](images/image8.png)
-![](images/image4.png)
-![](images/image5.png)
-![](images/image15.png)
-![](images/image16.png)
+ ![F5-CA-REST Custom Fields Tab](docsource/images/F5-CA-REST-custom-fields-store-type-dialog.png) -If any or all of the 3 certificate store types were already set up on installation of Keyfactor, you may only need to add Primary Node Online Required and Ignore SSL Warning. These parameters, however, are optional and only necessary if needed to be set to true. Please see the descriptions below in "2a. Create a F5 Certificate Store wihin Keyfactor Command. +
+
-**2a. Create a F5 Certificate Store within Keyfactor Command** -![](images/image13.png) -If you choose to manually create a F5 store In Keyfactor Command rather than running a Discovery job (Step 2b) to automatically find the store, you can navigate to Certificate Locations =\> Certificate Stores within Keyfactor Command to add the store. Below are the values that should be entered.![](Images/Image13.png) +## Installation -- **Category** – Required. One of the 3 F5 store types - F5 Web Server REST, F5 CA Bundles REST, or F5 SSL Profiles REST (your configured names may be different based on what you entered when creating the certificate store types in Step 1). +1. **Download the latest F5 Universal Orchestrator extension from GitHub.** -- **Container** – Optional. Select a container if utilized. + Navigate to the [F5 Universal Orchestrator extension GitHub version page](https://github.com/Keyfactor/f5-rest-orchestrator/releases/latest). Refer to the compatibility matrix below to determine whether the `net6.0` or `net8.0` asset should be downloaded. Then, click the corresponding asset to download the zip archive. + | Universal Orchestrator Version | Latest .NET version installed on the Universal Orchestrator server | `rollForward` condition in `Orchestrator.runtimeconfig.json` | `f5-rest-orchestrator` .NET version to download | + | --------- | ----------- | ----------- | ----------- | + | Older than `11.0.0` | | | `net6.0` | + | Between `11.0.0` and `11.5.1` (inclusive) | `net6.0` | | `net6.0` | + | Between `11.0.0` and `11.5.1` (inclusive) | `net8.0` | `Disable` | `net6.0` | + | Between `11.0.0` and `11.5.1` (inclusive) | `net8.0` | `LatestMajor` | `net8.0` | + | `11.6` _and_ newer | `net8.0` | | `net8.0` | -- **Client Machine** – Required. The server name or IP Address for the F5 device. - -- **Store Path** – Required. Enter the name of the partition on the F5 device you wish to manage. 
This value is case sensitive, so if the partition name is "Common", it must be entered as "Common" and not "common". + Unzip the archive containing extension assemblies to a known location. -- **Orchestrator** – Required. Select the orchestrator you wish to use to manage this store + > **Note** If you don't see an asset with a corresponding .NET version, you should always assume that it was compiled for `net6.0`. -- **Primary Node Online Required** – Optional. Select this if you wish to stop the orchestrator from adding, replacing or renewing certificates on nodes that are inactive. If this is not selected, adding, replacing and renewing certificates on inactive nodes will be allowed. If you choose not to add this custom field, the default value of False will be assumed. +2. **Locate the Universal Orchestrator extensions directory.** -- **Primary Node** - Only required (and shown) if Primary Node Online Required is added and selected. Enter the fully qualified domain name of the F5 device that acts as the primary node in a highly available F5 implementation. If you're using a single F5 device, this will typically be the same value you entered in the Client Machine field. + * **Default on Windows** - `C:\Program Files\Keyfactor\Keyfactor Orchestrator\extensions` + * **Default on Linux** - `/opt/keyfactor/orchestrator/extensions` + +3. **Create a new directory for the F5 Universal Orchestrator extension inside the extensions directory.** + + Create a new directory called `f5-rest-orchestrator`. + > The directory name does not need to match any names used elsewhere; it just has to be unique within the extensions directory. -- **Primary Node Check Retry Wait Seconds** - Only required (and shown) if Primary Node Online Required is added and selected. Enter the number of seconds to wait between attempts to add/replace/renew a certificate if the node is inactive. +4. 
**Copy the contents of the downloaded and unzipped assemblies from __step 2__ to the `f5-rest-orchestrator` directory.** -- **Primary Node Check Retry Maximum** - Only required (and shown) if Primary Node Online Required is added and selected. Enter the number of times a Management-Add job will attempt to add/replace/renew a certificate if the node is inactive before failing. +5. **Restart the Universal Orchestrator service.** -- **Version of F5** - Required. Select v13, v14, or v15 to match the version for the F5 device being managed + Refer to [Starting/Restarting the Universal Orchestrator service](https://software.keyfactor.com/Core-OnPrem/Current/Content/InstallingAgents/NetCoreOrchestrator/StarttheService.htm). -- **Server Username/Server Password** - Required. The credentials for server login can be any of: - - - UserId/Password - - - PAM provider information to pass the UserId/Password or UserId/SSH private key credentials -- **Use SSL** - Required. True if using https to access the F5 device. False if using http. +6. **(optional) PAM Integration** + + The F5 Universal Orchestrator extension is compatible with all supported Keyfactor PAM extensions to resolve PAM-eligible secrets. PAM extensions running on Universal Orchestrators enable secure retrieval of secrets from a connected PAM provider. + + To configure a PAM provider, [reference the Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam) to select an extension, and follow the associated instructions to install it on the Universal Orchestrator (remote). + + +> The above installation steps can be supplimented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/InstallingAgents/NetCoreOrchestrator/CustomExtensions.htm?Highlight=extensions). + + + +## Defining Certificate Stores + +The F5 Universal Orchestrator extension implements 3 Certificate Store Types, each of which implements different functionality. 
Refer to the individual instructions below for each Certificate Store Type that you deemed necessary for your use case from the installation section. + +
F5 SSL Profiles REST (F5-SL-REST) + + +* **Manually with the Command UI** + +
Create Certificate Stores manually in the UI + + 1. **Navigate to the _Certificate Stores_ page in Keyfactor Command.** + + Log into Keyfactor Command, toggle the _Locations_ dropdown, and click _Certificate Stores_. + + 2. **Add a Certificate Store.** + + Click the Add button to add a new Certificate Store. Use the table below to populate the **Attributes** in the **Add** form. + | Attribute | Description | + | --------- | ----------- | + | Category | Select "F5 SSL Profiles REST" or the customized certificate store name from the previous step. | + | Container | Optional container to associate certificate store with. | + | Client Machine | The server name or IP Address for the F5 device. | + | Store Path | Enter the name of the partition on the F5 device you wish to manage. This value is case sensitive, so if the partition name is "Common", it must be entered as "Common" and not "common", | + | Orchestrator | Select an approved orchestrator capable of managing `F5-SL-REST` certificates. Specifically, one with the `F5-SL-REST` capability. | + | PrimaryNode | Only required (and shown) if Primary Node Online Required is added and selected. Enter the Host Name of the F5 device that acts as the primary node in a highly available F5 implementation. Please note that this value IS case sensitive. | + | PrimaryNodeCheckRetryWaitSecs | Enter the number of seconds to wait between attempts to add/replace/renew a certificate if the node is inactive. | + | PrimaryNodeCheckRetryMax | Enter the number of times a Management-Add job will attempt to add/replace/renew a certificate if the node is inactive before failing. | + | PrimaryNodeOnlineRequired | Select this if you wish to stop the orchestrator from adding, replacing or renewing certificates on nodes that are inactive. If this is not selected, adding, replacing and renewing certificates on inactive nodes will be allowed. If you choose not to add this custom field, the default value of False will be assumed. 
| + | IgnoreSSLWarning | Select this if you wish to ignore SSL warnings from F5 that occur during API calls when the site does not have a trusted certificate with the proper SAN bound to it. If you choose not to add this custom field, the default value of False will be assumed and SSL warnings will cause errors during orchestrator extension jobs. | + | UseTokenAuth | Select this if you wish to use F5's token authentiation instead of basic authentication for all API requests. If you choose not to add this custom field, the default value of False will be assumed and basic authentication will be used for all API requests for all jobs. Setting this value to True will enable an initial basic authenticated request to acquire an authentication token, which will then be used for all subsequent API requests. | + | ServerUsername | Login credential for the F5 device. MUST be an Admin account. | + | ServerPassword | Login password for the F5 device. | + | ServerUseSsl | True if using https to access the F5 device. False if using http. | + | Store Password | Check "No Password" if you wish the private key of any added certificate to be set to Key Security Type "Normal". Enter a value (either a password or pointer to an installed PAM provider key for the password) to be used to encrypt the private key of any added certificate for Key Security Type of "Password". | + + + +
Attributes eligible for retrieval by a PAM Provider on the Universal Orchestrator + + If a PAM provider was installed _on the Universal Orchestrator_ in the [Installation](#Installation) section, the following parameters can be configured for retrieval _on the Universal Orchestrator_. + | Attribute | Description | + | --------- | ----------- | + | ServerUsername | Login credential for the F5 device. MUST be an Admin account. | + | ServerPassword | Login password for the F5 device. | + | Store Password | Check "No Password" if you wish the private key of any added certificate to be set to Key Security Type "Normal". Enter a value (either a password or pointer to an installed PAM provider key for the password) to be used to encrypt the private key of any added certificate for Key Security Type of "Password". | + + Please refer to the **Universal Orchestrator (remote)** usage section ([PAM providers on the Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam)) for your selected PAM provider for instructions on how to load attributes orchestrator-side. + + > Any secret can be rendered by a PAM provider _installed on the Keyfactor Command server_. The above parameters are specific to attributes that can be fetched by an installed PAM provider running on the Universal Orchestrator server itself. +
+ + +
+ +* **Using kfutil** + +
Create Certificate Stores with kfutil + + 1. **Generate a CSV template for the F5-SL-REST certificate store** + + ```shell + kfutil stores import generate-template --store-type-name F5-SL-REST --outpath F5-SL-REST.csv + ``` + 2. **Populate the generated CSV file** + + Open the CSV file, and reference the table below to populate parameters for each **Attribute**. + | Attribute | Description | + | --------- | ----------- | + | Category | Select "F5 SSL Profiles REST" or the customized certificate store name from the previous step. | + | Container | Optional container to associate certificate store with. | + | Client Machine | The server name or IP Address for the F5 device. | + | Store Path | Enter the name of the partition on the F5 device you wish to manage. This value is case sensitive, so if the partition name is "Common", it must be entered as "Common" and not "common", | + | Orchestrator | Select an approved orchestrator capable of managing `F5-SL-REST` certificates. Specifically, one with the `F5-SL-REST` capability. | + | PrimaryNode | Only required (and shown) if Primary Node Online Required is added and selected. Enter the Host Name of the F5 device that acts as the primary node in a highly available F5 implementation. Please note that this value IS case sensitive. | + | PrimaryNodeCheckRetryWaitSecs | Enter the number of seconds to wait between attempts to add/replace/renew a certificate if the node is inactive. | + | PrimaryNodeCheckRetryMax | Enter the number of times a Management-Add job will attempt to add/replace/renew a certificate if the node is inactive before failing. | + | PrimaryNodeOnlineRequired | Select this if you wish to stop the orchestrator from adding, replacing or renewing certificates on nodes that are inactive. If this is not selected, adding, replacing and renewing certificates on inactive nodes will be allowed. If you choose not to add this custom field, the default value of False will be assumed. 
| + | IgnoreSSLWarning | Select this if you wish to ignore SSL warnings from F5 that occur during API calls when the site does not have a trusted certificate with the proper SAN bound to it. If you choose not to add this custom field, the default value of False will be assumed and SSL warnings will cause errors during orchestrator extension jobs. | + | UseTokenAuth | Select this if you wish to use F5's token authentiation instead of basic authentication for all API requests. If you choose not to add this custom field, the default value of False will be assumed and basic authentication will be used for all API requests for all jobs. Setting this value to True will enable an initial basic authenticated request to acquire an authentication token, which will then be used for all subsequent API requests. | + | ServerUsername | Login credential for the F5 device. MUST be an Admin account. | + | ServerPassword | Login password for the F5 device. | + | ServerUseSsl | True if using https to access the F5 device. False if using http. | + | Store Password | Check "No Password" if you wish the private key of any added certificate to be set to Key Security Type "Normal". Enter a value (either a password or pointer to an installed PAM provider key for the password) to be used to encrypt the private key of any added certificate for Key Security Type of "Password". | + + -- **Ignore SSL Warning** - Optional. Select this if you wish to ignore SSL warnings from F5 that occur during API calls when the site does not have a trusted certificate with the proper SAN bound to it. If you choose not to add this custom field, the default value of False will be assumed and SSL warnings will cause errors during orchestrator extension jobs. +
Attributes eligible for retrieval by a PAM Provider on the Universal Orchestrator -- **Use Token Authentication** - Optional. Select this if you wish to use F5's token authentiation instead of basic authentication for all API requests. If you choose not to add this custom field, the default value of False will be assumed and basic authentication will be used for all API requests for all jobs. Setting this value to True will enable an initial basic authenticated request to acquire an authentication token, which will then be used for all subsequent API requests. + If a PAM provider was installed _on the Universal Orchestrator_ in the [Installation](#Installation) section, the following parameters can be configured for retrieval _on the Universal Orchestrator_. + | Attribute | Description | + | --------- | ----------- | + | ServerUsername | Login credential for the F5 device. MUST be an Admin account. | + | ServerPassword | Login password for the F5 device. | + | Store Password | Check "No Password" if you wish the private key of any added certificate to be set to Key Security Type "Normal". Enter a value (either a password or pointer to an installed PAM provider key for the password) to be used to encrypt the private key of any added certificate for Key Security Type of "Password". | -- **Store Password** - Required for F5-SL-REST only. Check "No Password" if you wish the private key of any added certificate to be set to Key Security Type "Normal". Enter a value (either a password or pointer to an installed PAM provider key for the password) to be used to encrypt the private key of any added certificate for Key Security Type of "Password". + > Any secret can be rendered by a PAM provider _installed on the Keyfactor Command server_. The above parameters are specific to attributes that can be fetched by an installed PAM provider running on the Universal Orchestrator server itself. +
+ -- **Inventory Schedule** – Set a schedule for running Inventory jobs or none, if you choose not to schedule Inventory at this time. + 3. **Import the CSV file to create the certificate stores** -**2b. (Optional) Schedule a F5 Discovery Job** + ```shell + kfutil stores import csv --store-type-name F5-SL-REST --file F5-SL-REST.csv + ``` +
+ +> The content in this section can be supplimented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Certificate%20Stores.htm?Highlight=certificate%20store). + + +
+ +
F5 WS Profiles REST (F5-WS-REST) + + +* **Manually with the Command UI** + +
Create Certificate Stores manually in the UI + + 1. **Navigate to the _Certificate Stores_ page in Keyfactor Command.** + + Log into Keyfactor Command, toggle the _Locations_ dropdown, and click _Certificate Stores_. -Rather than manually creating F5 certificate stores, you can schedule a Discovery job to search find them (CA Bundle and SSL Certificate store types only). + 2. **Add a Certificate Store.** + + Click the Add button to add a new Certificate Store. Use the table below to populate the **Attributes** in the **Add** form. + | Attribute | Description | + | --------- | ----------- | + | Category | Select "F5 WS Profiles REST" or the customized certificate store name from the previous step. | + | Container | Optional container to associate certificate store with. | + | Client Machine | The server name or IP Address for the F5 device. | + | Store Path | Enter the name of the partition on the F5 device you wish to manage. This value is case sensitive, so if the partition name is "Common", it must be entered as "Common" and not "common", | + | Orchestrator | Select an approved orchestrator capable of managing `F5-WS-REST` certificates. Specifically, one with the `F5-WS-REST` capability. | + | PrimaryNode | Only required (and shown) if Primary Node Online Required is added and selected. Enter the Host Name of the F5 device that acts as the primary node in a highly available F5 implementation. Please note that this value IS case sensitive. | + | PrimaryNodeCheckRetryWaitSecs | Enter the number of seconds to wait between attempts to add/replace/renew a certificate if the node is inactive. | + | PrimaryNodeCheckRetryMax | Enter the number of times a Management-Add job will attempt to add/replace/renew a certificate if the node is inactive before failing. | + | PrimaryNodeOnlineRequired | Select this if you wish to stop the orchestrator from adding, replacing or renewing certificates on nodes that are inactive. 
If this is not selected, adding, replacing and renewing certificates on inactive nodes will be allowed. If you choose not to add this custom field, the default value of False will be assumed. | + | IgnoreSSLWarning | Select this if you wish to ignore SSL warnings from F5 that occur during API calls when the site does not have a trusted certificate with the proper SAN bound to it. If you choose not to add this custom field, the default value of False will be assumed and SSL warnings will cause errors during orchestrator extension jobs. | + | UseTokenAuth | Select this if you wish to use F5's token authentiation instead of basic authentication for all API requests. If you choose not to add this custom field, the default value of False will be assumed and basic authentication will be used for all API requests for all jobs. Setting this value to True will enable an initial basic authenticated request to acquire an authentication token, which will then be used for all subsequent API requests. | + | ServerUsername | Login credential for the F5 device. MUST be an Admin account. | + | ServerPassword | Login password for the F5 device. | + | ServerUseSsl | True if using https to access the F5 device. False if using http. | + + + + +
Attributes eligible for retrieval by a PAM Provider on the Universal Orchestrator + + If a PAM provider was installed _on the Universal Orchestrator_ in the [Installation](#Installation) section, the following parameters can be configured for retrieval _on the Universal Orchestrator_. + | Attribute | Description | + | --------- | ----------- | + | ServerUsername | Login credential for the F5 device. MUST be an Admin account. | + | ServerPassword | Login password for the F5 device. | + + + Please refer to the **Universal Orchestrator (remote)** usage section ([PAM providers on the Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam)) for your selected PAM provider for instructions on how to load attributes orchestrator-side. + + > Any secret can be rendered by a PAM provider _installed on the Keyfactor Command server_. The above parameters are specific to attributes that can be fetched by an installed PAM provider running on the Universal Orchestrator server itself. +
+ + +
+ +* **Using kfutil** + +
Create Certificate Stores with kfutil + + 1. **Generate a CSV template for the F5-WS-REST certificate store** + + ```shell + kfutil stores import generate-template --store-type-name F5-WS-REST --outpath F5-WS-REST.csv + ``` + 2. **Populate the generated CSV file** + + Open the CSV file, and reference the table below to populate parameters for each **Attribute**. + | Attribute | Description | + | --------- | ----------- | + | Category | Select "F5 WS Profiles REST" or the customized certificate store name from the previous step. | + | Container | Optional container to associate certificate store with. | + | Client Machine | The server name or IP Address for the F5 device. | + | Store Path | Enter the name of the partition on the F5 device you wish to manage. This value is case sensitive, so if the partition name is "Common", it must be entered as "Common" and not "common", | + | Orchestrator | Select an approved orchestrator capable of managing `F5-WS-REST` certificates. Specifically, one with the `F5-WS-REST` capability. | + | PrimaryNode | Only required (and shown) if Primary Node Online Required is added and selected. Enter the Host Name of the F5 device that acts as the primary node in a highly available F5 implementation. Please note that this value IS case sensitive. | + | PrimaryNodeCheckRetryWaitSecs | Enter the number of seconds to wait between attempts to add/replace/renew a certificate if the node is inactive. | + | PrimaryNodeCheckRetryMax | Enter the number of times a Management-Add job will attempt to add/replace/renew a certificate if the node is inactive before failing. | + | PrimaryNodeOnlineRequired | Select this if you wish to stop the orchestrator from adding, replacing or renewing certificates on nodes that are inactive. If this is not selected, adding, replacing and renewing certificates on inactive nodes will be allowed. If you choose not to add this custom field, the default value of False will be assumed. 
| + | IgnoreSSLWarning | Select this if you wish to ignore SSL warnings from F5 that occur during API calls when the site does not have a trusted certificate with the proper SAN bound to it. If you choose not to add this custom field, the default value of False will be assumed and SSL warnings will cause errors during orchestrator extension jobs. | + | UseTokenAuth | Select this if you wish to use F5's token authentiation instead of basic authentication for all API requests. If you choose not to add this custom field, the default value of False will be assumed and basic authentication will be used for all API requests for all jobs. Setting this value to True will enable an initial basic authenticated request to acquire an authentication token, which will then be used for all subsequent API requests. | + | ServerUsername | Login credential for the F5 device. MUST be an Admin account. | + | ServerPassword | Login password for the F5 device. | + | ServerUseSsl | True if using https to access the F5 device. False if using http. | + + + + +
Attributes eligible for retrieval by a PAM Provider on the Universal Orchestrator + + If a PAM provider was installed _on the Universal Orchestrator_ in the [Installation](#Installation) section, the following parameters can be configured for retrieval _on the Universal Orchestrator_. + | Attribute | Description | + | --------- | ----------- | + | ServerUsername | Login credential for the F5 device. MUST be an Admin account. | + | ServerPassword | Login password for the F5 device. | + + + > Any secret can be rendered by a PAM provider _installed on the Keyfactor Command server_. The above parameters are specific to attributes that can be fetched by an installed PAM provider running on the Universal Orchestrator server itself. +
+ + + 3. **Import the CSV file to create the certificate stores** + + ```shell + kfutil stores import csv --store-type-name F5-WS-REST --file F5-WS-REST.csv + ``` +
+ +> The content in this section can be supplimented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Certificate%20Stores.htm?Highlight=certificate%20store). + + +
+ +
F5 CA Profiles REST (F5-CA-REST) + + +* **Manually with the Command UI** + +
Create Certificate Stores manually in the UI + + 1. **Navigate to the _Certificate Stores_ page in Keyfactor Command.** + + Log into Keyfactor Command, toggle the _Locations_ dropdown, and click _Certificate Stores_. + + 2. **Add a Certificate Store.** + + Click the Add button to add a new Certificate Store. Use the table below to populate the **Attributes** in the **Add** form. + | Attribute | Description | + | --------- | ----------- | + | Category | Select "F5 CA Profiles REST" or the customized certificate store name from the previous step. | + | Container | Optional container to associate certificate store with. | + | Client Machine | The server name or IP Address for the F5 device. | + | Store Path | Enter the name of the partition on the F5 device you wish to manage. This value is case sensitive, so if the partition name is "Common", it must be entered as "Common" and not "common", | + | Orchestrator | Select an approved orchestrator capable of managing `F5-CA-REST` certificates. Specifically, one with the `F5-CA-REST` capability. | + | PrimaryNode | Only required (and shown) if Primary Node Online Required is added and selected. Enter the Host Name of the F5 device that acts as the primary node in a highly available F5 implementation. Please note that this value IS case sensitive. | + | PrimaryNodeCheckRetryWaitSecs | Enter the number of seconds to wait between attempts to add/replace/renew a certificate if the node is inactive. | + | PrimaryNodeCheckRetryMax | Enter the number of times a Management-Add job will attempt to add/replace/renew a certificate if the node is inactive before failing. | + | PrimaryNodeOnlineRequired | Select this if you wish to stop the orchestrator from adding, replacing or renewing certificates on nodes that are inactive. If this is not selected, adding, replacing and renewing certificates on inactive nodes will be allowed. If you choose not to add this custom field, the default value of False will be assumed. 
| + | IgnoreSSLWarning | Select this if you wish to ignore SSL warnings from F5 that occur during API calls when the site does not have a trusted certificate with the proper SAN bound to it. If you choose not to add this custom field, the default value of False will be assumed and SSL warnings will cause errors during orchestrator extension jobs. | + | UseTokenAuth | Select this if you wish to use F5's token authentiation instead of basic authentication for all API requests. If you choose not to add this custom field, the default value of False will be assumed and basic authentication will be used for all API requests for all jobs. Setting this value to True will enable an initial basic authenticated request to acquire an authentication token, which will then be used for all subsequent API requests. | + | ServerUsername | Login credential for the F5 device. MUST be an Admin account. | + | ServerPassword | Login password for the F5 device. | + | ServerUseSsl | True if using https to access the F5 device. False if using http. | + + + + +
Attributes eligible for retrieval by a PAM Provider on the Universal Orchestrator + + If a PAM provider was installed _on the Universal Orchestrator_ in the [Installation](#Installation) section, the following parameters can be configured for retrieval _on the Universal Orchestrator_. + | Attribute | Description | + | --------- | ----------- | + | ServerUsername | Login credential for the F5 device. MUST be an Admin account. | + | ServerPassword | Login password for the F5 device. | + + + Please refer to the **Universal Orchestrator (remote)** usage section ([PAM providers on the Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam)) for your selected PAM provider for instructions on how to load attributes orchestrator-side. + + > Any secret can be rendered by a PAM provider _installed on the Keyfactor Command server_. The above parameters are specific to attributes that can be fetched by an installed PAM provider running on the Universal Orchestrator server itself. +
+ + +
+ +* **Using kfutil** + +
Create Certificate Stores with kfutil + + 1. **Generate a CSV template for the F5-CA-REST certificate store** + + ```shell + kfutil stores import generate-template --store-type-name F5-CA-REST --outpath F5-CA-REST.csv + ``` + 2. **Populate the generated CSV file** + + Open the CSV file, and reference the table below to populate parameters for each **Attribute**. + | Attribute | Description | + | --------- | ----------- | + | Category | Select "F5 CA Profiles REST" or the customized certificate store name from the previous step. | + | Container | Optional container to associate certificate store with. | + | Client Machine | The server name or IP Address for the F5 device. | + | Store Path | Enter the name of the partition on the F5 device you wish to manage. This value is case sensitive, so if the partition name is "Common", it must be entered as "Common" and not "common", | + | Orchestrator | Select an approved orchestrator capable of managing `F5-CA-REST` certificates. Specifically, one with the `F5-CA-REST` capability. | + | PrimaryNode | Only required (and shown) if Primary Node Online Required is added and selected. Enter the Host Name of the F5 device that acts as the primary node in a highly available F5 implementation. Please note that this value IS case sensitive. | + | PrimaryNodeCheckRetryWaitSecs | Enter the number of seconds to wait between attempts to add/replace/renew a certificate if the node is inactive. | + | PrimaryNodeCheckRetryMax | Enter the number of times a Management-Add job will attempt to add/replace/renew a certificate if the node is inactive before failing. | + | PrimaryNodeOnlineRequired | Select this if you wish to stop the orchestrator from adding, replacing or renewing certificates on nodes that are inactive. If this is not selected, adding, replacing and renewing certificates on inactive nodes will be allowed. If you choose not to add this custom field, the default value of False will be assumed. 
| + | IgnoreSSLWarning | Select this if you wish to ignore SSL warnings from F5 that occur during API calls when the site does not have a trusted certificate with the proper SAN bound to it. If you choose not to add this custom field, the default value of False will be assumed and SSL warnings will cause errors during orchestrator extension jobs. | + | UseTokenAuth | Select this if you wish to use F5's token authentiation instead of basic authentication for all API requests. If you choose not to add this custom field, the default value of False will be assumed and basic authentication will be used for all API requests for all jobs. Setting this value to True will enable an initial basic authenticated request to acquire an authentication token, which will then be used for all subsequent API requests. | + | ServerUsername | Login credential for the F5 device. MUST be an Admin account. | + | ServerPassword | Login password for the F5 device. | + | ServerUseSsl | True if using https to access the F5 device. False if using http. | + + + + +
Attributes eligible for retrieval by a PAM Provider on the Universal Orchestrator + + If a PAM provider was installed _on the Universal Orchestrator_ in the [Installation](#Installation) section, the following parameters can be configured for retrieval _on the Universal Orchestrator_. + | Attribute | Description | + | --------- | ----------- | + | ServerUsername | Login credential for the F5 device. MUST be an Admin account. | + | ServerPassword | Login password for the F5 device. | + + + > Any secret can be rendered by a PAM provider _installed on the Keyfactor Command server_. The above parameters are specific to attributes that can be fetched by an installed PAM provider running on the Universal Orchestrator server itself. +
+ + + 3. **Import the CSV file to create the certificate stores** + + ```shell + kfutil stores import csv --store-type-name F5-CA-REST --file F5-CA-REST.csv + ``` +
+ +> The content in this section can be supplimented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Certificate%20Stores.htm?Highlight=certificate%20store). + + +
+ +## Discovering Certificate Stores with the Discovery Job +For SSL Certificate (F5-SL-REST) and CA Bundle (F5-CA-REST) store types, discovery jobs can be scheduled to find F5 partitions that can be configured as Keyfactor Command certificate stores. First, in Keyfactor Command navigate to Certificate Locations =\> Certificate Stores. Select the Discover tab and then the Schedule button. Complete the dialog and click Done to schedule. ![](images/image14.png) -- **Category** – Required. The F5 store type you wish to find stores for. +- **Category** - Required. The F5 store type you wish to find stores for. -- **Orchestrator** – Select the orchestrator you wish to use to manage this store +- **Orchestrator** - Select the orchestrator you wish to use to manage this store -- **Client Machine & Credentials** – Required. The server name or IP Address and login credentials for the F5 device. The credentials for server login can be any of: +- **Client Machine & Credentials** - Required. The server name or IP Address and login credentials for the F5 device. The credentials for server login can be any of: - UserId/Password - PAM provider information to pass the UserId/Password or UserId/SSH private key credentials When entering the credentials, UseSSL ***must*** be selected. -- **When** – Required. The date and time when you would like this to execute. +- **When** - Required. The date and time when you would like this to execute. -- **Directories to search** – Required but not used. This field is not used in the search to Discover certificate stores, but ***is*** a required field in this dialog, so just enter any value. It will not be used. +- **Directories to search** - Required but not used. This field is not used in the search to Discover certificate stores, but ***is*** a required field in this dialog, so just enter any value. It will not be used. -- **Directories to ignore/Extensions/File name patterns to match/Follow SymLinks/Include PKCS12 Files** – Not used. 
Leave blank.
+- **Directories to ignore/Extensions/File name patterns to match/Follow SymLinks/Include PKCS12 Files** - Not used. Leave blank. Once the Discovery job has completed, a list of F5 certificate store locations should show in the Certificate Stores Discovery tab in Keyfactor Command. Right click on a store and select Approve to bring up a dialog that will ask for the remaining necessary certificate store parameters described in Step 2a. Complete those and click Save, and the Certificate Store should now show up in the list of stores in the Certificate Stores tab.
-When creating cert store type manually, that store property names and entry parameter names are case sensitive
+
+
+
+
+## License
+
+Apache License 2.0, see [LICENSE](LICENSE).
+
+## Related Integrations
+
+See all [Keyfactor Universal Orchestrator extensions](https://github.com/orgs/Keyfactor/repositories?q=orchestrator).
\ No newline at end of file
diff --git a/SSLProfile/Discovery.cs b/SSLProfile/Discovery.cs
index db4e51b..111547a 100644
--- a/SSLProfile/Discovery.cs
+++ b/SSLProfile/Discovery.cs
@@ -41,6 +41,9 @@ public override JobResult ProcessJob(DiscoveryJobConfiguration config, SubmitDis SetPAMSecrets(config.ServerUsername, config.ServerPassword, logger); F5Client f5 = new F5Client(certificateStore, ServerUserName, ServerPassword, config.UseSSL, string.Empty, true, false, new List());
+
+ ValidateF5Release(logger, certificateStore, f5);
+
 List locations = f5.GetPartitions().Select(p => p.name).ToList(); LogHandlerCommon.Debug(logger, certificateStore, $"Submitting {locations?.Count} partitions");
diff --git a/SSLProfile/Inventory.cs b/SSLProfile/Inventory.cs
index ad8dc6b..eae8432 100644
--- a/SSLProfile/Inventory.cs
+++ b/SSLProfile/Inventory.cs
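Review bot: The F5Client constructed on the context line just above the new `ValidateF5Release(logger, certificateStore, f5);` passes literal `true` and `false` in the positions that the Inventory and Management hunks fill with `IgnoreSSLWarning` and `UseTokenAuth`, so if the constructor's parameter order is the same, the discovery job always accepts an untrusted TLS certificate from the device and always uses basic authentication, regardless of how the operator configures the stores afterwards. A discovery job may simply have no store-level settings to read, but that trust decision should be visible at the call site, e.g. `// Discovery has no store settings: server certificate warnings are ignored and basic auth is used`, and ideally be something the operator can turn off. ProcessJob starts before this hunk and continues after it.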
@@ -40,7 +40,9 @@ public override JobResult ProcessJob(InventoryJobConfiguration config, SubmitInv { base.ParseJobProperties(); SetPAMSecrets(config.ServerUsername, config.ServerPassword, logger);
- F5Client f5 = new F5Client(config.CertificateStoreDetails, ServerUserName, ServerPassword, config.UseSSL, null, IgnoreSSLWarning, UseTokenAuth, config.LastInventory) { F5Version = base.F5Version };
+ F5Client f5 = new F5Client(config.CertificateStoreDetails, ServerUserName, ServerPassword, config.UseSSL, null, IgnoreSSLWarning, UseTokenAuth, config.LastInventory);
+
+ ValidateF5Release(logger, JobConfig.CertificateStoreDetails, f5);
 LogHandlerCommon.Debug(logger, JobConfig.CertificateStoreDetails, $"Getting inventory from '{config.CertificateStoreDetails.StorePath}'"); inventory = f5.GetSSLProfiles(20);
@@ -48,6 +50,9 @@ public override JobResult ProcessJob(InventoryJobConfiguration config, SubmitInv LogHandlerCommon.Debug(logger, JobConfig.CertificateStoreDetails, $"Submitting {inventory?.Count} inventory entries for '{config.CertificateStoreDetails.StorePath}'"); submitInventory.Invoke(inventory);
+ if (UseTokenAuth)
+ f5.RemoveToken();
+
 LogHandlerCommon.Debug(logger, JobConfig.CertificateStoreDetails, "Job complete"); return new JobResult { Result = OrchestratorJobStatusJobResult.Success, JobHistoryId = config.JobHistoryId }; }
diff --git a/SSLProfile/Management.cs b/SSLProfile/Management.cs
index d882506..01bceb3 100644
--- a/SSLProfile/Management.cs
+++ b/SSLProfile/Management.cs
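Review bot: The new `if (UseTokenAuth) f5.RemoveToken();` in the second hunk only runs when GetSSLProfiles and submitInventory.Invoke both complete, so on any exception the session token the job obtained stays valid on the device until it expires on its own; the Management hunk shows this code sits inside a `try`, so the revocation belongs in a `finally` (or the F5Client in a try/finally of its own) rather than on the success path. If RemoveToken can itself throw, it would also turn an otherwise successful job into a failure, which argues for logging a revocation failure instead of propagating it. The same placement appears in the SSLProfile/Management.cs, WebServer/Inventory.cs and WebServer/Management.cs hunks. ProcessJob begins before the first hunk and ends after the second.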
@@ -43,21 +43,22 @@ public override JobResult ProcessJob(ManagementJobConfiguration config) try {
- SetPAMSecrets(config.ServerUsername, config.ServerPassword, logger);
+ SetPAMSecrets(config.ServerUsername, config.ServerPassword, config.CertificateStoreDetails.StorePassword, logger);
 base.ParseJobProperties(); base.PrimaryNodeActive(); F5Client f5 = new F5Client(config.CertificateStoreDetails, ServerUserName, ServerPassword, config.UseSSL, config.JobCertificate.PrivateKeyPassword, IgnoreSSLWarning, UseTokenAuth, config.LastInventory) {
- PrimaryNode = base.PrimaryNode,
- F5Version = base.F5Version
+ PrimaryNode = base.PrimaryNode
 };
+ ValidateF5Release(logger, JobConfig.CertificateStoreDetails, f5);
+
 switch (config.OperationType) { case CertStoreOperationType.Add: LogHandlerCommon.Debug(logger, config.CertificateStoreDetails, $"Add entry '{config.JobCertificate.Alias}' to '{config.CertificateStoreDetails.StorePath}'");
- PerformAddJob(f5, config.CertificateStoreDetails.StorePassword);
+ PerformAddJob(f5, StorePassword);
 break; case CertStoreOperationType.Remove: LogHandlerCommon.Trace(logger, config.CertificateStoreDetails, $"Remove entry '{config.JobCertificate.Alias}' from '{config.CertificateStoreDetails.StorePath}'");
@@ -68,6 +69,9 @@ public override JobResult ProcessJob(ManagementJobConfiguration config) throw new Exception($"Management job expecting 'Add' or 'Remove' job - received '{Enum.GetName(typeof(CertStoreOperationType), config.OperationType)}'"); }
+ if (UseTokenAuth)
+ f5.RemoveToken();
+
 LogHandlerCommon.Debug(logger, config.CertificateStoreDetails, "Job complete"); return new JobResult { Result = OrchestratorJobStatusJobResult.Success, JobHistoryId = config.JobHistoryId }; }
diff --git a/WebServer/Inventory.cs b/WebServer/Inventory.cs
index c35588b..a3590fc 100644
--- a/WebServer/Inventory.cs
+++ b/WebServer/Inventory.cs
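Review bot: The added `ValidateF5Release(logger, JobConfig.CertificateStoreDetails, f5);` is the only line in this method that reaches the store details through `JobConfig`, while every surrounding line (the SetPAMSecrets call, the F5Client constructor, both log statements) uses `config.CertificateStoreDetails`; `ValidateF5Release(logger, config.CertificateStoreDetails, f5);` keeps the method on one accessor. The two presumably refer to the same object, so this is readability rather than behaviour, but a reader has to stop and confirm it. The WebServer/Management.cs hunk has the same mix between its new ValidateF5Release line and the LogHandlerCommon.Trace line below it. ProcessJob starts before the first hunk and ends after the second.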
@@ -45,12 +45,17 @@ public override JobResult ProcessJob(InventoryJobConfiguration config, SubmitInv F5Client f5 = new F5Client(config.CertificateStoreDetails, ServerUserName, ServerPassword, config.UseSSL, null, IgnoreSSLWarning, UseTokenAuth, config.LastInventory);
+ ValidateF5Release(logger, JobConfig.CertificateStoreDetails, f5);
+
 LogHandlerCommon.Debug(logger, JobConfig.CertificateStoreDetails, "Getting the F5 web server device inventory"); inventory = f5.GetWebServerInventory(); LogHandlerCommon.Debug(logger, JobConfig.CertificateStoreDetails, "Submitting F5 web server inventory"); submitInventory.Invoke(inventory);
+ if (UseTokenAuth)
+ f5.RemoveToken();
+
 LogHandlerCommon.Debug(logger, JobConfig.CertificateStoreDetails, "Job complete"); return new JobResult { Result = OrchestratorJobStatusJobResult.Success, JobHistoryId = config.JobHistoryId }; }
diff --git a/WebServer/Management.cs b/WebServer/Management.cs
index 5063351..c031f9f 100644
--- a/WebServer/Management.cs
+++ b/WebServer/Management.cs
@@ -52,9 +52,14 @@ public override JobResult ProcessJob(ManagementJobConfiguration config) PrimaryNode = base.PrimaryNode };
+ ValidateF5Release(logger, JobConfig.CertificateStoreDetails, f5);
+
 LogHandlerCommon.Trace(logger, config.CertificateStoreDetails, "Replacing F5 web server certificate"); f5.ReplaceWebServerCrt(JobConfig.JobCertificate.Contents);
+ if (UseTokenAuth)
+ f5.RemoveToken();
+
 LogHandlerCommon.Debug(logger, config.CertificateStoreDetails, "Job complete"); return new JobResult { Result = OrchestratorJobStatusJobResult.Success, JobHistoryId = config.JobHistoryId }; }
diff --git a/docsource/content.md b/docsource/content.md
new file mode 100644
index 0000000..dc15197
--- /dev/null
+++ b/docsource/content.md
@@ -0,0 +1,49 @@ +## Overview + +The F5 Orchestrator supports three different types of certificates stores with the capabilities for each below: + +- CA Bundles + - Discovery + - Inventory* + - Management (Add and Remove) +- Web Server Device Certificates + - Inventory* + - Management (Add, but replacement/renewal of existing certificate only) +- SSL Certificates + - Discovery + - Inventory* + - Management (Add and Remove) + +*Special note on private keys: One of the pieces of information that Keyfactor collects during an Inventory job is whether or not the certificate stored in F5 has a private key. The private key is NEVER actually retrieved by Keyfactor, but Keyfactor does track whether one exists. F5 does not provide an API to determine this, so by convention, all CA Bundle certificates are deemed to not have private keys, while Web Server and SSL certificates are deemed to have them. Any Management jobs adding (new or renewal) a certificate will renew without the private key for CA Bundle stores and with the private key for Web Server or SSL stores. + + +## Requirements + +An administrator account must be set up in F5 to be used with this orchestrator extension. This F5 user id is what must be used as credentials when setting up a Keyfactor Command certificate store pointing to the F5 device intending to be managed. + + +## Discovery + +For SSL Certificate (F5-SL-REST) and CA Bundle (F5-CA-REST) store types, discovery jobs can be scheduled to find F5 partitions that can be configured as Keyfactor Command certificate stores. + +First, in Keyfactor Command navigate to Certificate Locations =\> Certificate Stores. Select the Discover tab and then the Schedule button. Complete the dialog and click Done to schedule. +![](images/image14.png) + +- **Category** - Required. The F5 store type you wish to find stores for. + +- **Orchestrator** - Select the orchestrator you wish to use to manage this store + +- **Client Machine & Credentials** - Required. 
The server name or IP Address and login credentials for the F5 device. The credentials for server login can be any of: + + - UserId/Password + - PAM provider information to pass the UserId/Password or UserId/SSH private key credentials + + When entering the credentials, UseSSL ***must*** be selected. + +- **When** - Required. The date and time when you would like this to execute. + +- **Directories to search** - Required but not used. This field is not used in the search to Discover certificate stores, but ***is*** a required field in this dialog, so just enter any value. It will not be used. + +- **Directories to ignore/Extensions/File name patterns to match/Follow SymLinks/Include PKCS12 Files** - Not used. Leave blank. + +Once the Discovery job has completed, a list of F5 certificate store locations should show in the Certificate Stores Discovery tab in Keyfactor Command. Right click on a store and select Approve to bring up a dialog that will ask for the remaining necessary certificate store parameters described in Step 2a. Complete those and click Save, and the Certificate Store should now show up in the list of stores in the Certificate Stores tab. diff --git a/docsource/f5-ca-rest.md b/docsource/f5-ca-rest.md new file mode 100644 index 0000000..ed37e8e --- /dev/null +++ b/docsource/f5-ca-rest.md @@ -0,0 +1 @@ +## Overview diff --git a/docsource/f5-sl-rest.md b/docsource/f5-sl-rest.md new file mode 100644 index 0000000..ed37e8e --- /dev/null +++ b/docsource/f5-sl-rest.md @@ -0,0 +1 @@ +## Overview diff --git a/docsource/f5-ws-rest.md b/docsource/f5-ws-rest.md new file mode 100644 index 0000000..ed37e8e --- /dev/null +++ b/docsource/f5-ws-rest.md @@ -0,0 +1 @@ +## Overview diff --git a/docsource/images/F5-CA-REST-advanced-store-type-dialog.png b/docsource/images/F5-CA-REST-advanced-store-type-dialog.png new file mode 100644 index 0000000..ac05098 Binary files /dev/null and b/docsource/images/F5-CA-REST-advanced-store-type-dialog.png differ 
diff --git a/docsource/images/F5-CA-REST-basic-store-type-dialog.png b/docsource/images/F5-CA-REST-basic-store-type-dialog.png new file mode 100644 index 0000000..3418114 Binary files /dev/null and b/docsource/images/F5-CA-REST-basic-store-type-dialog.png differ diff --git a/docsource/images/F5-CA-REST-custom-fields-store-type-dialog.png b/docsource/images/F5-CA-REST-custom-fields-store-type-dialog.png new file mode 100644 index 0000000..4ac5e62 Binary files /dev/null and b/docsource/images/F5-CA-REST-custom-fields-store-type-dialog.png differ diff --git a/docsource/images/F5-SL-REST-advanced-store-type-dialog.png b/docsource/images/F5-SL-REST-advanced-store-type-dialog.png new file mode 100644 index 0000000..06bc133 Binary files /dev/null and b/docsource/images/F5-SL-REST-advanced-store-type-dialog.png differ diff --git a/docsource/images/F5-SL-REST-basic-store-type-dialog.png b/docsource/images/F5-SL-REST-basic-store-type-dialog.png new file mode 100644 index 0000000..cb859e6 Binary files /dev/null and b/docsource/images/F5-SL-REST-basic-store-type-dialog.png differ diff --git a/docsource/images/F5-SL-REST-custom-fields-store-type-dialog.png b/docsource/images/F5-SL-REST-custom-fields-store-type-dialog.png new file mode 100644 index 0000000..b864a64 Binary files /dev/null and b/docsource/images/F5-SL-REST-custom-fields-store-type-dialog.png differ diff --git a/docsource/images/F5-WS-REST-advanced-store-type-dialog.png b/docsource/images/F5-WS-REST-advanced-store-type-dialog.png new file mode 100644 index 0000000..18402cb Binary files /dev/null and b/docsource/images/F5-WS-REST-advanced-store-type-dialog.png differ diff --git a/docsource/images/F5-WS-REST-basic-store-type-dialog.png b/docsource/images/F5-WS-REST-basic-store-type-dialog.png new file mode 100644 index 0000000..f3171d1 Binary files /dev/null and b/docsource/images/F5-WS-REST-basic-store-type-dialog.png differ 
diff --git a/docsource/images/F5-WS-REST-custom-fields-store-type-dialog.png b/docsource/images/F5-WS-REST-custom-fields-store-type-dialog.png new file mode 100644 index 0000000..4ac5e62 Binary files /dev/null and b/docsource/images/F5-WS-REST-custom-fields-store-type-dialog.png differ diff --git a/images/image1.png b/images/image1.png deleted file mode 100644 index 509cad4..0000000 Binary files a/images/image1.png and /dev/null differ diff --git a/images/image10.png b/images/image10.png deleted file mode 100644 index ead3212..0000000 Binary files a/images/image10.png and /dev/null differ diff --git a/images/image11.png b/images/image11.png deleted file mode 100644 index 00d10a4..0000000 Binary files a/images/image11.png and /dev/null differ diff --git a/images/image12.png b/images/image12.png deleted file mode 100644 index 628f369..0000000 Binary files a/images/image12.png and /dev/null differ diff --git a/images/image13.png b/images/image13.png deleted file mode 100644 index 3b8c929..0000000 Binary files a/images/image13.png and /dev/null differ diff --git a/images/image14.png b/images/image14.png deleted file mode 100644 index dcaac55..0000000 Binary files a/images/image14.png and /dev/null differ diff --git a/images/image15.png b/images/image15.png deleted file mode 100644 index 667e7e0..0000000 Binary files a/images/image15.png and /dev/null differ diff --git a/images/image16.png b/images/image16.png deleted file mode 100644 index 299d882..0000000 Binary files a/images/image16.png and /dev/null differ diff --git a/images/image2.png b/images/image2.png deleted file mode 100644 index 700cffa..0000000 Binary files a/images/image2.png and /dev/null differ diff --git a/images/image3.png b/images/image3.png deleted file mode 100644 index 2f0b4ef..0000000 Binary files a/images/image3.png and /dev/null differ diff --git a/images/image4.png b/images/image4.png deleted file mode 100644 index e754732..0000000 Binary files a/images/image4.png and /dev/null differ 
diff --git a/images/image5.png b/images/image5.png deleted file mode 100644 index 7093548..0000000 Binary files a/images/image5.png and /dev/null differ diff --git a/images/image6.png b/images/image6.png deleted file mode 100644 index 9981823..0000000 Binary files a/images/image6.png and /dev/null differ diff --git a/images/image7.png b/images/image7.png deleted file mode 100644 index 7ac5fa0..0000000 Binary files a/images/image7.png and /dev/null differ diff --git a/images/image8.png b/images/image8.png deleted file mode 100644 index 56846f0..0000000 Binary files a/images/image8.png and /dev/null differ diff --git a/images/image9.png b/images/image9.png deleted file mode 100644 index bc978c2..0000000 Binary files a/images/image9.png and /dev/null differ diff --git a/integration-manifest.json b/integration-manifest.json index 506e61f..9e19ab4 100644 --- a/integration-manifest.json +++ b/integration-manifest.json 
@@ -1,356 +1,356 @@ { - "$schema": "https://keyfactor.github.io/integration-manifest-schema.json", - "integration_type": "orchestrator", - "name": "F5", - "status": "production", - "update_catalog": true, - "link_github": true, - "support_level": "kf-supported", - "release_dir": "bin/Release", - "description": "The F5 Orchestrator allows for the remote management of F5 Stores. Discovery, Inventory, and Management functions are supported.", - "about": { - "orchestrator": { - "UOFramework": "10.1", - "pam_support": true, - "keyfactor_platform_version": "10.4", - "win": { - "supportsCreateStore": false, - "supportsDiscovery": true, - "supportsManagementAdd": true, - "supportsManagementRemove": true, - "supportsReenrollment": false, - "supportsInventory": true, - "platformSupport": "Unused" - }, - "linux": { - "supportsCreateStore": false, - "supportsDiscovery": true, - "supportsManagementAdd": true, - "supportsManagementRemove": true, - "supportsReenrollment": false, - "supportsInventory": true, - "platformSupport": "Unused" - }, - "store_types": { - "F5-SL-REST": { - "Name": "F5 SSL Profiles REST", - "ShortName": "F5-SL-REST", - "Capability": "F5-SL-REST", - "SupportedOperations": { - "Add": true, - "Create": false, - "Discovery": true, - "Enrollment": false, - "Remove": true - }, - "Properties": [ - { - "Name": "PrimaryNode", - "DisplayName": "Primary Node", - "Type": "String", - "DependsOn": "PrimaryNodeOnlineRequired", - "DefaultValue": "", - "Required": true - }, - { - "Name": "PrimaryNodeCheckRetryWaitSecs", - "DisplayName": "Primary Node Check Retry Wait Seconds", - "Type": "String", - "DependsOn": "PrimaryNodeOnlineRequired", - "DefaultValue": "120", - "Required": true - }, - { - "Name": "PrimaryNodeCheckRetryMax", - "DisplayName": "Primary Node Check Retry Maximum", - "Type": "String", - "DependsOn": "PrimaryNodeOnlineRequired", - "DefaultValue": "3", - "Required": true - }, - { - "Name": "F5Version", - "DisplayName": "Version of F5", - "Type": 
"MultipleChoice", - "DependsOn": "", - "DefaultValue": "v12,v13,v14,v15", - "Required": true - }, - { - "Name": "ServerUsername", - "DisplayName": "Server Username", - "Type": "Secret", - "DependsOn": "", - "DefaultValue": null, - "Required": false - }, - { - "Name": "ServerPassword", - "DisplayName": "Server Password", - "Type": "Secret", - "DependsOn": "", - "DefaultValue": null, - "Required": false - }, - { - "Name": "ServerUseSsl", - "DisplayName": "Use SSL", - "Type": "Bool", - "DependsOn": "", - "DefaultValue": "true", - "Required": true - }, - { - "Name": "PrimaryNodeOnlineRequired", - "DisplayName": "Primary Node Online Required", - "Type": "Bool", - "DependsOn": "", - "DefaultValue": "", - "Required": true - }, - { - "Name": "IgnoreSSLWarning", - "DisplayName": "Ignore SSL Warning", - "Type": "Bool", - "DependsOn": "", - "DefaultValue": "False", - "Required": true - }, - { - "Name": "UseTokenAuth", - "DisplayName": "Use Token Authentication", - "Type": "Bool", - "DependsOn": "", - "DefaultValue": "false", - "Required": true - } - ], - "EntryParameters": [], - "PasswordOptions": { - "EntrySupported": false, - "StoreRequired": true, - "Style": "Default" - }, - "PrivateKeyAllowed": "Optional", - "JobProperties": [], - "ServerRequired": true, - "PowerShell": false, - "BlueprintAllowed": true, - "CustomAliasAllowed": "Required" - }, - "F5-WS-REST": { - "Name": "F5 WS Profiles REST", - "ShortName": "F5-WS-REST", - "Capability": "F5-WS-REST", - "SupportedOperations": { - "Add": true, - "Create": false, - "Discovery": false, - "Enrollment": false, - "Remove": false - }, - "Properties": [ - { - "Name": "PrimaryNode", - "DisplayName": "Primary Node", - "Type": "String", - "DependsOn": "PrimaryNodeOnlineRequired", - "DefaultValue": "", - "Required": true - }, - { - "Name": "PrimaryNodeCheckRetryWaitSecs", - "DisplayName": "Primary Node Check Retry Wait Seconds", - "Type": "String", - "DependsOn": "PrimaryNodeOnlineRequired", - "DefaultValue": "120", - "Required": 
true - }, - { - "Name": "PrimaryNodeCheckRetryMax", - "DisplayName": "Primary Node Check Retry Maximum", - "Type": "String", - "DependsOn": "PrimaryNodeOnlineRequired", - "DefaultValue": "3", - "Required": true - }, - { - "Name": "F5Version", - "DisplayName": "Version of F5", - "Type": "MultipleChoice", - "DependsOn": "", - "DefaultValue": "v12,v13,v14,v15", - "Required": true - }, - { - "Name": "ServerUsername", - "DisplayName": "Server Username", - "Type": "Secret", - "DependsOn": "", - "DefaultValue": null, - "Required": false - }, - { - "Name": "ServerPassword", - "DisplayName": "Server Password", - "Type": "Secret", - "DependsOn": "", - "DefaultValue": null, - "Required": false - }, - { - "Name": "ServerUseSsl", - "DisplayName": "Use SSL", - "Type": "Bool", - "DependsOn": "", - "DefaultValue": "true", - "Required": true - }, - { - "Name": "PrimaryNodeOnlineRequired", - "DisplayName": "Primary Node Online Required", - "Type": "Bool", - "DependsOn": "", - "DefaultValue": "", - "Required": true - }, - { - "Name": "IgnoreSSLWarning", - "DisplayName": "Ignore SSL Warning", - "Type": "Bool", - "DependsOn": "", - "DefaultValue": "False", - "Required": true - }, - { - "Name": "UseTokenAuth", - "DisplayName": "Use Token Authentication", - "Type": "Bool", - "DependsOn": "", - "DefaultValue": "false", - "Required": true - } - ], - "EntryParameters": [], - "PasswordOptions": { - "EntrySupported": false, - "StoreRequired": false, - "Style": "Default" - }, - "PrivateKeyAllowed": "Required", - "JobProperties": [], - "ServerRequired": true, - "PowerShell": false, - "BlueprintAllowed": true, - "CustomAliasAllowed": "Forbidden" - }, - "F5-CA-REST": { - "Name": "F5 CA Profiles REST", - "ShortName": "F5-CA-REST", - "Capability": "F5-CA-REST", - "SupportedOperations": { - "Add": true, - "Create": false, - "Discovery": true, - "Enrollment": false, - "Remove": true - }, - "Properties": [ - { - "Name": "PrimaryNode", - "DisplayName": "Primary Node", - "Type": "String", - "DependsOn": 
"PrimaryNodeOnlineRequired", - "DefaultValue": "", - "Required": true - }, - { - "Name": "PrimaryNodeCheckRetryWaitSecs", - "DisplayName": "Primary Node Check Retry Wait Seconds", - "Type": "String", - "DependsOn": "PrimaryNodeOnlineRequired", - "DefaultValue": "120", - "Required": true - }, - { - "Name": "PrimaryNodeCheckRetryMax", - "DisplayName": "Primary Node Check Retry Maximum", - "Type": "String", - "DependsOn": "PrimaryNodeOnlineRequired", - "DefaultValue": "3", - "Required": true - }, - { - "Name": "F5Version", - "DisplayName": "Version of F5", - "Type": "MultipleChoice", - "DependsOn": "", - "DefaultValue": "v12,v13,v14,v15", - "Required": true - }, - { - "Name": "ServerUsername", - "DisplayName": "Server Username", - "Type": "Secret", - "DependsOn": "", - "DefaultValue": null, - "Required": false - }, - { - "Name": "ServerPassword", - "DisplayName": "Server Password", - "Type": "Secret", - "DependsOn": "", - "DefaultValue": null, - "Required": false - }, - { - "Name": "ServerUseSsl", - "DisplayName": "Use SSL", - "Type": "Bool", - "DependsOn": "", - "DefaultValue": "true", - "Required": true - }, - { - "Name": "PrimaryNodeOnlineRequired", - "DisplayName": "Primary Node Online Required", - "Type": "Bool", - "DependsOn": "", - "DefaultValue": "", - "Required": true - }, - { - "Name": "IgnoreSSLWarning", - "DisplayName": "Ignore SSL Warning", - "Type": "Bool", - "DependsOn": "", - "DefaultValue": "False", - "Required": true - }, - { - "Name": "UseTokenAuth", - "DisplayName": "Use Token Authentication", - "Type": "Bool", - "DependsOn": "", - "DefaultValue": "false", - "Required": true - } - ], - "EntryParameters": [], - "PasswordOptions": { - "EntrySupported": false, - "StoreRequired": false, - "Style": "Default" - }, - "PrivateKeyAllowed": "Forbidden", - "JobProperties": [], - "ServerRequired": true, - "PowerShell": false, - "BlueprintAllowed": true, - "CustomAliasAllowed": "Required" + "$schema": 
"https://keyfactor.github.io/v2/integration-manifest-schema.json", + "integration_type": "orchestrator", + "name": "F5", + "status": "production", + "update_catalog": true, + "link_github": true, + "support_level": "kf-supported", + "release_project": "F5Orchestrator.csproj", + "release_dir": "bin/Release", + "description": "The F5 Orchestrator allows for the remote management of F5 Stores. Discovery, Inventory, and Management functions are supported.", + "about": { + "orchestrator": { + "UOFramework": "10.1", + "pam_support": true, + "keyfactor_platform_version": "10.4", + "store_types": [ + { + "Name": "F5 SSL Profiles REST", + "ShortName": "F5-SL-REST", + "Capability": "F5-SL-REST", + "ServerRequired": true, + "BlueprintAllowed": true, + "CustomAliasAllowed": "Required", + "PowerShell": false, + "PrivateKeyAllowed": "Optional", + "ClientMachineDescription": "The server name or IP Address for the F5 device.", + "StorePathDescription": "Enter the name of the partition on the F5 device you wish to manage. This value is case sensitive, so if the partition name is \"Common\", it must be entered as \"Common\" and not \"common\",", + "SupportedOperations": { + "Add": true, + "Create": false, + "Discovery": true, + "Enrollment": false, + "Remove": true + }, + "PasswordOptions": { + "Style": "Default", + "EntrySupported": false, + "StoreRequired": true, + "StorePassword": { + "Description": "Check \"No Password\" if you wish the private key of any added certificate to be set to Key Security Type \"Normal\". 
Enter a value (either a password or pointer to an installed PAM provider key for the password) to be used to encrypt the private key of any added certificate for Key Security Type of \"Password\".", + "IsPAMEligible": true + } + }, + "Properties": [ + { + "Name": "PrimaryNode", + "DisplayName": "Primary Node", + "Type": "String", + "DependsOn": "PrimaryNodeOnlineRequired", + "DefaultValue": "", + "Required": true, + "Description": "Only required (and shown) if Primary Node Online Required is added and selected. Enter the Host Name of the F5 device that acts as the primary node in a highly available F5 implementation. Please note that this value IS case sensitive." + }, + { + "Name": "PrimaryNodeCheckRetryWaitSecs", + "DisplayName": "Primary Node Check Retry Wait Seconds", + "Type": "String", + "DependsOn": "PrimaryNodeOnlineRequired", + "DefaultValue": "120", + "Required": true, + "Description": "Enter the number of seconds to wait between attempts to add/replace/renew a certificate if the node is inactive." + }, + { + "Name": "PrimaryNodeCheckRetryMax", + "DisplayName": "Primary Node Check Retry Maximum", + "Type": "String", + "DependsOn": "PrimaryNodeOnlineRequired", + "DefaultValue": "3", + "Required": true, + "Description": "Enter the number of times a Management-Add job will attempt to add/replace/renew a certificate if the node is inactive before failing." + }, + { + "Name": "PrimaryNodeOnlineRequired", + "DisplayName": "Primary Node Online Required", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "", + "Required": true, + "Description": "Select this if you wish to stop the orchestrator from adding, replacing or renewing certificates on nodes that are inactive. If this is not selected, adding, replacing and renewing certificates on inactive nodes will be allowed. If you choose not to add this custom field, the default value of False will be assumed." 
+ }, + { + "Name": "IgnoreSSLWarning", + "DisplayName": "Ignore SSL Warning", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "False", + "Required": true, + "Description": "Select this if you wish to ignore SSL warnings from F5 that occur during API calls when the site does not have a trusted certificate with the proper SAN bound to it. If you choose not to add this custom field, the default value of False will be assumed and SSL warnings will cause errors during orchestrator extension jobs." + }, + { + "Name": "UseTokenAuth", + "DisplayName": "Use Token Authentication", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "false", + "Required": true, + "Description": "Select this if you wish to use F5's token authentiation instead of basic authentication for all API requests. If you choose not to add this custom field, the default value of False will be assumed and basic authentication will be used for all API requests for all jobs. Setting this value to True will enable an initial basic authenticated request to acquire an authentication token, which will then be used for all subsequent API requests." + }, + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "IsPAMEligible": true, + "Required": false, + "Description": "Login credential for the F5 device. MUST be an Admin account." + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "IsPAMEligible": true, + "Required": false, + "Description": "Login password for the F5 device." + }, + { + "Name": "ServerUseSsl", + "DisplayName": "Use SSL", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "true", + "Required": true, + "Description": "True if using https to access the F5 device. False if using http." 
+ } + ], + "EntryParameters": [] + }, + { + "Name": "F5 WS Profiles REST", + "ShortName": "F5-WS-REST", + "Capability": "F5-WS-REST", + "ServerRequired": true, + "BlueprintAllowed": true, + "CustomAliasAllowed": "Forbidden", + "PowerShell": false, + "PrivateKeyAllowed": "Required", + "ClientMachineDescription": "The server name or IP Address for the F5 device.", + "StorePathDescription": "Enter the name of the partition on the F5 device you wish to manage. This value is case sensitive, so if the partition name is \"Common\", it must be entered as \"Common\" and not \"common\",", + "SupportedOperations": { + "Add": true, + "Create": false, + "Discovery": false, + "Enrollment": false, + "Remove": false + }, + "PasswordOptions": { + "Style": "Default", + "EntrySupported": false, + "StoreRequired": false + }, + "Properties": [ + { + "Name": "PrimaryNode", + "DisplayName": "Primary Node", + "Type": "String", + "DependsOn": "PrimaryNodeOnlineRequired", + "DefaultValue": "", + "Required": true, + "Description": "Only required (and shown) if Primary Node Online Required is added and selected. Enter the Host Name of the F5 device that acts as the primary node in a highly available F5 implementation. Please note that this value IS case sensitive." + }, + { + "Name": "PrimaryNodeCheckRetryWaitSecs", + "DisplayName": "Primary Node Check Retry Wait Seconds", + "Type": "String", + "DependsOn": "PrimaryNodeOnlineRequired", + "DefaultValue": "120", + "Required": true, + "Description": "Enter the number of seconds to wait between attempts to add/replace/renew a certificate if the node is inactive." + }, + { + "Name": "PrimaryNodeCheckRetryMax", + "DisplayName": "Primary Node Check Retry Maximum", + "Type": "String", + "DependsOn": "PrimaryNodeOnlineRequired", + "DefaultValue": "3", + "Required": true, + "Description": "Enter the number of times a Management-Add job will attempt to add/replace/renew a certificate if the node is inactive before failing." 
+ }, + { + "Name": "PrimaryNodeOnlineRequired", + "DisplayName": "Primary Node Online Required", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "", + "Required": true, + "Description": "Select this if you wish to stop the orchestrator from adding, replacing or renewing certificates on nodes that are inactive. If this is not selected, adding, replacing and renewing certificates on inactive nodes will be allowed. If you choose not to add this custom field, the default value of False will be assumed." + }, + { + "Name": "IgnoreSSLWarning", + "DisplayName": "Ignore SSL Warning", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "False", + "Required": true, + "Description": "Select this if you wish to ignore SSL warnings from F5 that occur during API calls when the site does not have a trusted certificate with the proper SAN bound to it. If you choose not to add this custom field, the default value of False will be assumed and SSL warnings will cause errors during orchestrator extension jobs." + }, + { + "Name": "UseTokenAuth", + "DisplayName": "Use Token Authentication", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "false", + "Required": true, + "Description": "Select this if you wish to use F5's token authentiation instead of basic authentication for all API requests. If you choose not to add this custom field, the default value of False will be assumed and basic authentication will be used for all API requests for all jobs. Setting this value to True will enable an initial basic authenticated request to acquire an authentication token, which will then be used for all subsequent API requests." + }, + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "IsPAMEligible": true, + "Required": false, + "Description": "Login credential for the F5 device. MUST be an Admin account." 
+ }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "IsPAMEligible": true, + "Required": false, + "Description": "Login password for the F5 device." + }, + { + "Name": "ServerUseSsl", + "DisplayName": "Use SSL", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "true", + "Required": true, + "Description": "True if using https to access the F5 device. False if using http." + } + ], + "EntryParameters": [] + }, + { + "Name": "F5 CA Profiles REST", + "ShortName": "F5-CA-REST", + "Capability": "F5-CA-REST", + "ServerRequired": true, + "ClientMachineDescription": "The server name or IP Address for the F5 device.", + "StorePathDescription": "Enter the name of the partition on the F5 device you wish to manage. This value is case sensitive, so if the partition name is \"Common\", it must be entered as \"Common\" and not \"common\",", + "SupportedOperations": { + "Add": true, + "Create": false, + "Discovery": true, + "Enrollment": false, + "Remove": true + }, + "PasswordOptions": { + "Style": "Default", + "EntrySupported": false, + "StoreRequired": false + }, + "PrivateKeyAllowed": "Forbidden", + "JobProperties": [], + "PowerShell": false, + "BlueprintAllowed": true, + "CustomAliasAllowed": "Required", + "Properties": [ + { + "Name": "PrimaryNode", + "DisplayName": "Primary Node", + "Type": "String", + "DependsOn": "PrimaryNodeOnlineRequired", + "DefaultValue": "", + "Required": true, + "Description": "Only required (and shown) if Primary Node Online Required is added and selected. Enter the Host Name of the F5 device that acts as the primary node in a highly available F5 implementation. Please note that this value IS case sensitive." 
+ }, + { + "Name": "PrimaryNodeCheckRetryWaitSecs", + "DisplayName": "Primary Node Check Retry Wait Seconds", + "Type": "String", + "DependsOn": "PrimaryNodeOnlineRequired", + "DefaultValue": "120", + "Required": true, + "Description": "Enter the number of seconds to wait between attempts to add/replace/renew a certificate if the node is inactive." + }, + { + "Name": "PrimaryNodeCheckRetryMax", + "DisplayName": "Primary Node Check Retry Maximum", + "Type": "String", + "DependsOn": "PrimaryNodeOnlineRequired", + "DefaultValue": "3", + "Required": true, + "Description": "Enter the number of times a Management-Add job will attempt to add/replace/renew a certificate if the node is inactive before failing." + }, + { + "Name": "PrimaryNodeOnlineRequired", + "DisplayName": "Primary Node Online Required", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "", + "Required": true, + "Description": "Select this if you wish to stop the orchestrator from adding, replacing or renewing certificates on nodes that are inactive. If this is not selected, adding, replacing and renewing certificates on inactive nodes will be allowed. If you choose not to add this custom field, the default value of False will be assumed." + }, + { + "Name": "IgnoreSSLWarning", + "DisplayName": "Ignore SSL Warning", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "False", + "Required": true, + "Description": "Select this if you wish to ignore SSL warnings from F5 that occur during API calls when the site does not have a trusted certificate with the proper SAN bound to it. If you choose not to add this custom field, the default value of False will be assumed and SSL warnings will cause errors during orchestrator extension jobs." 
+ }, + { + "Name": "UseTokenAuth", + "DisplayName": "Use Token Authentication", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "false", + "Required": true, + "Description": "Select this if you wish to use F5's token authentiation instead of basic authentication for all API requests. If you choose not to add this custom field, the default value of False will be assumed and basic authentication will be used for all API requests for all jobs. Setting this value to True will enable an initial basic authenticated request to acquire an authentication token, which will then be used for all subsequent API requests." + }, + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "IsPAMEligible": true, + "Required": false, + "Description": "Login credential for the F5 device. MUST be an Admin account." + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "IsPAMEligible": true, + "Required": false, + "Description": "Login password for the F5 device." + }, + { + "Name": "ServerUseSsl", + "DisplayName": "Use SSL", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "true", + "Required": true, + "Description": "True if using https to access the F5 device. False if using http." + } + ], + "EntryParameters": [] + } + ] } - } } - } -} +} \ No newline at end of file diff --git a/readme-src/readme-pam-support.md b/readme-src/readme-pam-support.md deleted file mode 100644 index 678a9e2..0000000 --- a/readme-src/readme-pam-support.md +++ /dev/null @@ -1,5 +0,0 @@ -|Name|Description| -|----|-----------| -|ServerUsername|The user id that will be used to authenticate to the F5 installation| -|ServerPassword|The password that will be used to authenticate to the F5 installation| - diff --git a/readme_source.md b/readme_source.md deleted file mode 100644 index c18bdf0..0000000 --- a/readme_source.md +++ /dev/null 
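Review bot: The new `IgnoreSSLWarning` Description in each store type understates what the flag does: "ignore SSL warnings ... when the site does not have a trusted certificate" reads as cosmetic, but accepting an untrusted server certificate disables TLS peer authentication, and with `UseTokenAuth` defaulting to false the admin username and password are sent as basic auth on every request, so an on-path attacker can capture them along with the certificate material. Suggest appending to that Description: `WARNING: this disables validation of the F5 device's TLS certificate and exposes the admin credentials and certificate material to man-in-the-middle interception; use only on isolated management networks and prefer installing a trusted certificate on the F5 management interface.` The `ServerUseSsl` Description ("False if using http") deserves a matching caveat that http sends the admin credentials in cleartext, consistent with the new docsource text stating UseSSL must be selected. Whether a less-privileged F5 role than a full administrator would suffice for these operations is not something the manifest shows; if it does, the `ServerUsername` Description ("MUST be an Admin account") should name that role to support least privilege.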
@@ -1,150 +0,0 @@ -**Please note that this integration will work with the Universal Orchestrator version 10.1 or earlier, OR 10.4.1 or greater** - -## Use Cases - -The F5 Orchestrator supports three different types of certificates stores with the capabilities for each below: - -- CA Bundles - - Discovery - - Inventory* - - Management (Add and Remove) -- Web Server Device Certificates - - Inventory* - - Management (Add, but replacement/renewal of existing certificate only) -- SSL Certificates - - Discovery - - Inventory* - - Management (Add and Remove) - -*Special note on private keys: One of the pieces of information that Keyfactor collects during an Inventory job is whether or not the certificate stored in F5 has a private key. The private key is NEVER actually retrieved by Keyfactor, but Keyfactor does track whether one exists. F5 does not provide an API to determine this, so by convention, all CA Bundle certificates are deemed to not have private keys, while Web Server and SSL certificates are deemed to have them. Any Management jobs adding (new or renewal) a certificate will renew without the private key for CA Bundle stores and with the private key for Web Server or SSL stores. - - - - -## Versioning - -The version number of a the F5 Orchestrator can be verified by right clicking on the F5Orchestrator.dll file, selecting Properties, and then clicking on the Details tab. - -## F5 Orchestrator Installation - -1. Stop the Keyfactor Universal Orchestrator Service. -2. In the Keyfactor Orchestrator installation folder (by convention usually C:\Program Files\Keyfactor\Keyfactor Orchestrator), find the "extensions" folder. Underneath that, create a new folder named F5 or another name of your choosing. -3. Download the latest version of the F5 Orchestrator from [GitHub](https://github.com/Keyfactor/f5-rest-orchestrator). -4. Copy the contents of the download installation zip file into the folder created in step 1. -5. 
Start the Keyfactor Universal Orchestrator Service. - - -## F5 Orchestrator Configuration - -**1. In Keyfactor Command, if any of the aforementioned certificate store types do not already exist, create a new certificate store type for each of the 3 that you wish to manage by navigating to Settings (the "gear" icon in the top right) => Certificate Store Types.** - -**CA Bundles:** - -![](images/image1.png) -![](images/image2.png) - - - -**Web Server Certificates** - -![](images/image9.png) -![](images/image10.png) - - - -**SSL Certificates** - -![](images/image11.png) -![](images/image12.png) - -- **Name** – Required. The display name of the new Certificate Store Type -- **Short Name** – Required. This value ***must match*** the folder name for this store type under the "extensions" folder in the install path. -- **Custom Capability** - Leave unchecked -- **Supported Job Types** – Select Inventory and Add for all 3 types, and Discovery for CA Bundles and SSL Certificates. -- **General Settings** - Select Needs Server. Leave Uses PowerShell unchecked. Select Blueprint Allowed if you plan to use blueprinting. -- **Password Settings** - Leave both options unchecked for F5-WS-REST and F5-CA-REST. Select Needs Store Password for F5-SL-REST. -- **All selections on Advanced tab** - Set the values on this tab ***exactly*** as they are shown in the above screen prints for each applicable store type. - - - -The Custom Fields tab contains 10 custom store parameters (3 of which, Server Username, Server Password, and Use SSL were set up on the Basic tab and are not actually custom parameters you need or want to modify on this tab). The set up is consistent across store types, and should look as follows: - -![](images/image3.png)
-![](images/image6.png)
-![](images/image7.png)
-![](images/image8.png)
-![](images/image4.png)
-![](images/image5.png)
-![](images/image15.png)
-![](images/image16.png)
- -If any or all of the 3 certificate store types were already set up on installation of Keyfactor, you may only need to add Primary Node Online Required and Ignore SSL Warning. These parameters, however, are optional and only necessary if needed to be set to true. Please see the descriptions below in "2a. Create a F5 Certificate Store wihin Keyfactor Command. - - - -**2a. Create a F5 Certificate Store within Keyfactor Command** -![](images/image13.png) - -If you choose to manually create a F5 store In Keyfactor Command rather than running a Discovery job (Step 2b) to automatically find the store, you can navigate to Certificate Locations =\> Certificate Stores within Keyfactor Command to add the store. Below are the values that should be entered.![](Images/Image13.png) - -- **Category** – Required. One of the 3 F5 store types - F5 Web Server REST, F5 CA Bundles REST, or F5 SSL Profiles REST (your configured names may be different based on what you entered when creating the certificate store types in Step 1). - -- **Container** – Optional. Select a container if utilized. - -- **Client Machine** – Required. The server name or IP Address for the F5 device. - -- **Store Path** – Required. Enter the name of the partition on the F5 device you wish to manage. This value is case sensitive, so if the partition name is "Common", it must be entered as "Common" and not "common". - -- **Orchestrator** – Required. Select the orchestrator you wish to use to manage this store - -- **Primary Node Online Required** – Optional. Select this if you wish to stop the orchestrator from adding, replacing or renewing certificates on nodes that are inactive. If this is not selected, adding, replacing and renewing certificates on inactive nodes will be allowed. If you choose not to add this custom field, the default value of False will be assumed. - -- **Primary Node** - Only required (and shown) if Primary Node Online Required is added and selected. 
Enter the fully qualified domain name of the F5 device that acts as the primary node in a highly available F5 implementation. If you're using a single F5 device, this will typically be the same value you entered in the Client Machine field. - -- **Primary Node Check Retry Wait Seconds** - Only required (and shown) if Primary Node Online Required is added and selected. Enter the number of seconds to wait between attempts to add/replace/renew a certificate if the node is inactive. - -- **Primary Node Check Retry Maximum** - Only required (and shown) if Primary Node Online Required is added and selected. Enter the number of times a Management-Add job will attempt to add/replace/renew a certificate if the node is inactive before failing. - -- **Version of F5** - Required. Select v13, v14, or v15 to match the version for the F5 device being managed - -- **Server Username/Server Password** - Required. The credentials for server login can be any of: - - - UserId/Password - - - PAM provider information to pass the UserId/Password or UserId/SSH private key credentials - -- **Use SSL** - Required. True if using https to access the F5 device. False if using http. - -- **Ignore SSL Warning** - Optional. Select this if you wish to ignore SSL warnings from F5 that occur during API calls when the site does not have a trusted certificate with the proper SAN bound to it. If you choose not to add this custom field, the default value of False will be assumed and SSL warnings will cause errors during orchestrator extension jobs. - -- **Use Token Authentication** - Optional. Select this if you wish to use F5's token authentiation instead of basic authentication for all API requests. If you choose not to add this custom field, the default value of False will be assumed and basic authentication will be used for all API requests for all jobs. 
Setting this value to True will enable an initial basic authenticated request to acquire an authentication token, which will then be used for all subsequent API requests. - -- **Store Password** - Required for F5-SL-REST only. Check "No Password" if you wish the private key of any added certificate to be set to Key Security Type "Normal". Enter a value (either a password or pointer to an installed PAM provider key for the password) to be used to encrypt the private key of any added certificate for Key Security Type of "Password". - -- **Inventory Schedule** – Set a schedule for running Inventory jobs or none, if you choose not to schedule Inventory at this time. - -**2b. (Optional) Schedule a F5 Discovery Job** - -Rather than manually creating F5 certificate stores, you can schedule a Discovery job to search find them (CA Bundle and SSL Certificate store types only). - -First, in Keyfactor Command navigate to Certificate Locations =\> Certificate Stores. Select the Discover tab and then the Schedule button. Complete the dialog and click Done to schedule. -![](images/image14.png) - -- **Category** – Required. The F5 store type you wish to find stores for. - -- **Orchestrator** – Select the orchestrator you wish to use to manage this store - -- **Client Machine & Credentials** – Required. The server name or IP Address and login credentials for the F5 device. The credentials for server login can be any of: - - - UserId/Password - - PAM provider information to pass the UserId/Password or UserId/SSH private key credentials - - When entering the credentials, UseSSL ***must*** be selected. - -- **When** – Required. The date and time when you would like this to execute. - -- **Directories to search** – Required but not used. This field is not used in the search to Discover certificate stores, but ***is*** a required field in this dialog, so just enter any value. It will not be used. 
- -- **Directories to ignore/Extensions/File name patterns to match/Follow SymLinks/Include PKCS12 Files** – Not used. Leave blank. - -Once the Discovery job has completed, a list of F5 certificate store locations should show in the Certificate Stores Discovery tab in Keyfactor Command. Right click on a store and select Approve to bring up a dialog that will ask for the remaining necessary certificate store parameters described in Step 2a. Complete those and click Save, and the Certificate Store should now show up in the list of stores in the Certificate Stores tab.