corbado.com

What It Is

Corbado positions itself as a Passkey Intelligence Platform. Its focus is not traditional WAF, EDR, or vulnerability scanning, but enterprise authentication observability, adoption improvement, and rollout control around passkeys/WebAuthn. It can work while keeping an existing IDP in place, aiming to help teams understand passkey registration, login, fallback, device compatibility, and the reasons behind user drop-off.

Core Capabilities and Deployment

The product is split into Observe and Connect. Observe is an observability layer for organizations that have already launched passkeys, offering funnels, individual user journeys, error classification, and device/browser/authenticator readiness insights. Connect provides hosted passkeys, SDKs, UI components, rollout control, and analytics. Deployment emphasizes a lightweight SDK, asynchronous HTTPS POST, non-blocking behavior, no backend changes, and no IDP replacement. Corbado also states that it collects telemetry rather than passwords, private keys, PII, session tokens, or secrets.

Compliance, Integrations, and Management

Corbado explicitly mentions ISO27001, SOC 2 Type II, GDPR, AWS Well-Architected Framework Review, and Dedicated AWS instances. On the integration side, it can coexist with Okta, Auth0, Ping, ForgeRock, Cognito, or a custom identity stack, and it also fills the authentication-journey visibility gap between SIEM/APM and product analytics. Management features include Rollout Rules, Decision Rules, gradual rollout by cohort/region/browser/device, stakeholder dashboards, and AI-assisted analysis, though the main content does not specify particular alerting channels.

Pricing, Pros, and Cons

Pricing is not public; users need to book a demo or contact sales to discuss it. Its strengths are clear positioning, low deployment intrusiveness, coverage of common passkey production challenges, and a VicRoads case study citing 5M+ users and 80% activation. The drawbacks are that its use case is fairly vertical, so short-term value may be limited if an enterprise has not yet started moving toward passkeys. It also lacks public pricing, SLA details, China nodes, and Chinese-language service information.

Who It’s For and Access from China

It is better suited to large-scale B2C CIAM teams in banking, payments, e-commerce, telecom, healthcare, the public sector, and similar industries—especially organizations that have already integrated passkeys or are preparing to roll them out, need to prove ROI, and want to reduce OTP, account recovery, and support costs. Access from China, payment methods, and local compliance are not disclosed, so they should be considered unknown. Domestic alternatives could combine existing IAM, monitoring, and analytics tools to achieve part of the functionality, but the passkey-specific journey insights may not be equivalent.