Jenkins Agent access

my company uses OKTA for authentication, including on our Jenkins build server.
The main Jenkins controller is an AWS EC2 instance.

Jenkins has ‘agents’ - basically instances that actually run the jobs for the controller.
In this case, the agents are docker instances on a physical machine, with each instance connected to a set of hardware (the details are not really relevant, but it gives context).

The agents connect by running the following command:
java -jar agent.jar -jnlpUrl https://[server url]/jenkins-agent.jnlp -secret [agent specific key]

Now we have OKTA on the jenkins server, this no longer works as it requires OKTA authentication.

How can I make this work? Some sort of persistent token?
Please speak to me like I was a moron, I know next to nothing about web dev, and as far as I am concerned Java is something that wakes me up in the morning :smile: