Deploying automatic updates on macOS without asking for a password is possible; however, the scenarios are case-specific.
If a user does a self-install and the same user is active and logged in when the automatic update is triggered, it will not prompt for a password. This means that A. the application will be owned by the user that initiated the installation, and the automatic update can only be triggered by that user, and B. if a second user logs into the device and an automatic update are triggered, the second user, will then be prompted for a password.
If the Beyond Identity Platform Authenticator is remote-installed by an MDM, automatic updates must be disabled, and the updates must be done remotely using the MDM. In this scenario, the app will be owned by root, and if the automatic updates are not disabled, then the user will be prompted for a password on the automatic update.
Beyond Identity is working on getting the ability to have automatic updates by any user, and it is planned for a future release.