We have deployed Okta Device certs via Jamf, and we have a few applications that require that certificate to login in Okta. We have Salesforce blocked by this policy. We have some users however that use the Data Loader integration, with which you need to login to Salesforce through the little Java application that is spun up for Data Loader. When a user tries to login to SFDC through Data Loader, we get a message saying 'java wants access to tmpOktaCert', which is not the normal message I see when an application isn't whitelisted in the cert. Has anyone had any success with Whitelisting Data Loader?