diff --git a/authentication/managing_cloud_provider_credentials/cco-mode-gcp-workload-identity.adoc b/authentication/managing_cloud_provider_credentials/cco-mode-gcp-workload-identity.adoc
index b949764dbb..ced6e81140 100644
--- a/authentication/managing_cloud_provider_credentials/cco-mode-gcp-workload-identity.adoc
+++ b/authentication/managing_cloud_provider_credentials/cco-mode-gcp-workload-identity.adoc
@@ -13,17 +13,15 @@ Manual mode with GCP Workload Identity is supported for Google Cloud Platform (G
 This credentials strategy is supported for only new {product-title} clusters and must be configured during installation. You cannot reconfigure an existing cluster that uses a different credentials strategy to use this feature.
 ====
 
+[id="gcp-workload-identity-mode-about_{context}"]
+== About manual mode with GCP Workload Identity
+
 In manual mode with GCP Workload Identity, the individual {product-title} cluster components can impersonate IAM service accounts using short-term, limited-privilege credentials.
 
 Requests for new and refreshed credentials are automated by using an appropriately configured OpenID Connect (OIDC) identity provider, combined with IAM service accounts. {product-title} signs service account tokens that are trusted by GCP, and can be projected into a pod and used for authentication. Tokens are refreshed after one hour by default.
 
-////
-to-do: GCP diagram from https://github.com/openshift/cloud-credential-operator/blob/master/docs/gcp_workload_identity_flow.png?raw=true
-
 .Workload Identity authentication flow
-image::<new_filename_for_gcp_workload_id.svg[Detailed authentication flow between GCP and the cluster when using GCP Workload Identity]
-//to-do: improve alt-text
-////
+image::347_OpenShift_credentials_with_STS_updates_0623_GCP.png[Detailed authentication flow between GCP and the cluster when using GCP Workload Identity]
 
 Using manual mode with GCP Workload Identity changes the content of the GCP credentials that are provided to individual {product-title} components.
 
diff --git a/authentication/managing_cloud_provider_credentials/cco-mode-sts.adoc b/authentication/managing_cloud_provider_credentials/cco-mode-sts.adoc
index c4b204ffdf..ad0c756d57 100644
--- a/authentication/managing_cloud_provider_credentials/cco-mode-sts.adoc
+++ b/authentication/managing_cloud_provider_credentials/cco-mode-sts.adoc
@@ -20,11 +20,8 @@ In manual mode with STS, the individual {product-title} cluster components use A
 
 Requests for new and refreshed credentials are automated by using an appropriately configured AWS IAM OpenID Connect (OIDC) identity provider, combined with AWS IAM roles. {product-title} signs service account tokens that are trusted by AWS IAM, and can be projected into a pod and used for authentication. Tokens are refreshed after one hour.
 
-//to-do: more detailed info on this flow
-
 .STS authentication flow
-image::142_OpenShift_credentials_STS_0221.png[Detailed authentication flow between AWS and the cluster when using AWS STS]
-//to-do: improve alt-text
+image::347_OpenShift_credentials_with_STS_updates_0623_AWS.png[Detailed authentication flow between AWS and the cluster when using AWS STS]
 
 Using manual mode with STS changes the content of the AWS credentials that are provided to individual {product-title} components.
 
diff --git a/images/142_OpenShift_credentials_STS_0221.png b/images/142_OpenShift_credentials_STS_0221.png
deleted file mode 100644
index c4f8be7b1b..0000000000
Binary files a/images/142_OpenShift_credentials_STS_0221.png and /dev/null differ
diff --git a/images/347_OpenShift_credentials_with_STS_updates_0623_AWS.png b/images/347_OpenShift_credentials_with_STS_updates_0623_AWS.png
new file mode 100644
index 0000000000..85dba21558
Binary files /dev/null and b/images/347_OpenShift_credentials_with_STS_updates_0623_AWS.png differ
diff --git a/images/347_OpenShift_credentials_with_STS_updates_0623_GCP.png b/images/347_OpenShift_credentials_with_STS_updates_0623_GCP.png
new file mode 100644
index 0000000000..968b0285f9
Binary files /dev/null and b/images/347_OpenShift_credentials_with_STS_updates_0623_GCP.png differ