Okta FastPass is not prompting for Microsoft Office Client Apps using the embedded browser on an unmanaged device by Okta.

If Device Trust is not in place or there are unmanaged devices, these errors might be seen in Okta Verify logs:

{🛑 "XPC service failure callback": {"message": "The operation couldn’t be completed. (Okta_Verify.XPCAutoUpdateManagerError error 3.)", "defaultProperties": "", "location": "AppLaunchCoordinator.swift:launchAutoUpdate(isEnabled:):292"}}

{🛑 "XPC service failure callback": {"message": "Couldn’t communicate with a helper application.", "defaultProperties": "", "location": "XPCAutoUpdateManager.swift:sendAutoUpdateConfiguration(bundleId:appVersion:autoUpdateEnabled:completion:):64"}} 

• Okta Identity Engine (OIE)
• Multi-Factor Authentication (MFA)
• FastPass
• Okta Verify app for macOS

Admins did not configure an SSO extension for managed and "not managed" macOS devices.

Devices do not need to be managed by Okta to apply the SSO Extension. However, they need to be managed by an MDM, and it does not matter if they are managed or unmanaged in Okta, especially those who will be using the Safari browser. If they are not managed by an MDM, the SSO extension cannot be pushed to devices.

NOTE: The SSO extension is not supported on Chrome or Firefox. These browsers communicate with Okta Verify using a local web server. They do not require an SSO extension to hide the Open Okta Verify prompt or to enable phishing resistance.

To solve this issue, please follow the steps below:

1. Configure an SSO extension for managed macOS devices.
2. Validate if the SSO extension is set up correctly.