We are getting these errors on the client side logs when trying to implement Device trust:

Error generating a Device Trust certificate for user 'domain/employeename'. Please check your IWA configuration. The user token generated by IWA: {I'm leaving the token out on purpose}

Exception running the Device Trust client for user domain/employeename : System.Net.WebException: The remote server returned an error: (401) Unauthorized.

  at System.Net.WebClient.UploadDataInternal(Uri address, String method, Byte[] data, WebRequest& request)

  at System.Net.WebClient.UploadString(Uri address, String method, String data)

  at System.Net.WebClient.UploadString(String address, String data)

  at OktaDeviceTrustClient.OktaDeviceTrustCertificateManager.RequestAndInstallCertificate(String userToken, Boolean skipTpm)

  at OktaDeviceTrustClient.OktaDeviceTrustClient.ExecuteUserTasks(Boolean forceRenewal, Boolean skipTpm)

  at OktaDeviceTrustClient.Program.<>c__DisplayClass8_0.<Main>b__0()

Any idea what to do? It's over HTTPS, ive turned on SSL in the IWA settings, and edited the web config file with what they have in the instructions. I added my user, and the NT service account to permissions for everything in IIS and IWA to test and still go the same errors. My user is also in okta.