diff --git a/docs/images/screenshots/pbs-gui-administration-serverstatus.png b/docs/images/screenshots/pbs-gui-administration-serverstatus.png
index a480bfb3..2ab0edf1 100644
Binary files a/docs/images/screenshots/pbs-gui-administration-serverstatus.png and b/docs/images/screenshots/pbs-gui-administration-serverstatus.png differ
diff --git a/docs/images/screenshots/pbs-gui-apitoken-overview.png b/docs/images/screenshots/pbs-gui-apitoken-overview.png
new file mode 100644
index 00000000..98c5c5a7
Binary files /dev/null and b/docs/images/screenshots/pbs-gui-apitoken-overview.png differ
diff --git a/docs/images/screenshots/pbs-gui-apitoken-secret-value.png b/docs/images/screenshots/pbs-gui-apitoken-secret-value.png
new file mode 100644
index 00000000..bd8be133
Binary files /dev/null and b/docs/images/screenshots/pbs-gui-apitoken-secret-value.png differ
diff --git a/docs/images/screenshots/pbs-gui-user-management-add-user.png b/docs/images/screenshots/pbs-gui-user-management-add-user.png
index a8be6df1..e56570cf 100644
Binary files a/docs/images/screenshots/pbs-gui-user-management-add-user.png and b/docs/images/screenshots/pbs-gui-user-management-add-user.png differ
diff --git a/docs/images/screenshots/pbs-gui-user-management.png b/docs/images/screenshots/pbs-gui-user-management.png
index d23781af..4614e2c6 100644
Binary files a/docs/images/screenshots/pbs-gui-user-management.png and b/docs/images/screenshots/pbs-gui-user-management.png differ
diff --git a/docs/user-management.rst b/docs/user-management.rst
index c669f2b4..06348917 100644
--- a/docs/user-management.rst
+++ b/docs/user-management.rst
@@ -91,6 +91,10 @@ Or completely remove the user with:
 API Tokens
 ----------
 
+.. image:: images/screenshots/pbs-gui-apitoken-overview.png
+  :align: right
+  :alt: API Token Overview
+
 Any authenticated user can generate API tokens which can in turn be used to
 configure various clients, instead of directly providing the username and
 password.
@@ -105,6 +109,10 @@ the realm and a tokenname (``user@realm!tokenname``), and a secret value. Both
 need to be provided to the client in place of the user ID (``user@realm``) and
 the user password, respectively.
 
+.. image:: images/screenshots/pbs-gui-apitoken-secret-value.png
+  :align: right
+  :alt: API secret value
+
 The API token is passed from the client to the server by setting the
 ``Authorization`` HTTP header with method ``PBSAPIToken`` to the value
 ``TOKENID:TOKENSECRET``.
@@ -185,7 +193,7 @@ following roles exist:
 **RemoteSyncOperator**
   Is allowed to read data from a remote.
 
-.. image:: images/screenshots/pbs-gui-permissions-add.png
+.. image:: images/screenshots/pbs-gui-user-management-add-user.png
   :align: right
   :alt: Add permissions for user