passkeys stakeholderPasskeys Strategy

Enterprise Passkeys Guide: Part 2 - Stakeholder Engagement

Find out how to engage business, privacy, and security stakeholders as well as third-party passkey authentication providers in large-scale passkey projects.

Blog-Post-Author

Vincent

Created: October 10, 2024

Updated: October 28, 2024


Our mission is to make the Internet a safer place, and the new login standard passkeys provides a superior solution to achieve that. That's why we want to keep you up to date on the latest developments in the industry.

Overview: Enterprise Guide#

1. Introduction#

Implementing passkeys in a large-scale consumer deployment is a significant undertaking that requires the support and collaboration of various stakeholders within your organization. After conducting the initial assessment of the application, authentication and MFA landscape, the next crucial step is stakeholder engagement in order to get the necessary teams on board and get the final project approval. This phase involves aligning different departments, addressing concerns, and securing the necessary approvals to move forward with the project.

In this article, we will:

  • Identify: Who are the most important key stakeholder groups and their roles in a passkey Project?
  • Engage: How to engage with each stakeholder category effectively and what are their important requirements?
  • DIY vs. Outsource: How to approach a passkey project consideration both internal implementation (DIY) and external outsourcing approaches?

By understanding and engaging stakeholders effectively, you can ensure a project that enhances security, improves user experience, and delivers a strong return on investment. In this article we will focus on all stakeholders except tech and product as we will cover that in another article.

Here are the previous articles of the passkeys enterprise guide series:

2. Stakeholder Categories and Their Roles#

Engaging stakeholders is essential for gaining the support and resources needed for a successful passkey integration in a large enterprise. Stakeholders can be grouped into the following categories, each with specific interests, responsibilities, and concerns that need to be addressed:

2.1 Business Stakeholders#

Business stakeholders are primarily concerned with the financial and strategic benefits of implementing passkeys. Their focus is on maximizing return on investment (ROI), reducing costs, and enhancing customer satisfaction to achieve a competitive edge.

Key Responsibilities:

  • Approving budgets and allocating resources
  • Evaluating the financial impact of the passkey project
  • Aligning the project with the organization’s broader goals and strategies

2.2 Privacy and Data Stakeholders#

Privacy and data stakeholders ensure that the project adheres to data protection laws and privacy regulations, such as GDPR, CCPA or APP. Their primary concern is minimizing data exposure risks and maintaining compliance throughout the implementation process.

Key Responsibilities:

  • Conducting assessments, such as the Privacy Assessment (PA)
  • Ensuring that data handling practices align with organizational policies and regulatory requirements
  • Verifying that user data is collected, stored, and processed securely
Substack Icon

Subscribe to our Passkeys Substack for the latest news, insights and strategies.

Subscribe

2.3 Security Stakeholders#

Security stakeholders are responsible for assessing and mitigating risks associated with passkey implementation. Their focus is on maintaining the integrity of the organization’s security infrastructure and aligning the project with relevant security standards and best practices.

Key Responsibilities:

  • Conducting a Security Risk Assessment (SRA) to identify and address potential threats
  • Ensuring the solution aligns with industry-specific security regulations
  • Performing regular security testing, such as penetration tests, to validate the security of the passkey system

2.4 Third-Party Providers (Optional for External Outsourcing Approach)#

If the organization opts for an external outsourcing approach, third-party providers are responsible for supplying and maintaining the passkey solution. Their focus is on delivering a secure, reliable service that aligns with the organization’s needs and compliance requirements.

Key Responsibilities:

  • Participating in a Third-Party Security Assessment to verify their security practices
  • Collaborating on establishing a Master Services Agreement (MSA) that defines service level objectives (SLOs) and service level agreements (SLAs)
  • Providing a Architecture Document to demonstrate how their solution integrates with the organization’s infrastructure and meets security requirements

Each stakeholder group brings a unique perspective and set of requirements to the table. By understanding their roles and engaging with them effectively, organizations can facilitate a well-rounded and informed approach to passkey implementation.

3. Engaging Business Stakeholders#

Business stakeholders are essential to gaining the necessary approvals and funding for a passkey implementation project. Their primary focus is on the financial and strategic benefits that passkeys can bring, including cost savings, improved customer satisfaction, and a competitive edge. Engaging these stakeholders effectively requires presenting a clear business case that demonstrates the return on investment (ROI) and long-term advantages of the project.

3.1 Business Case and ROI Calculation#

When creating a business case and ROI calculation it is important to demonstrate the financial and strategic benefits of implementing passkeys to gain approval from business leaders.

Key Considerations:

  • Cost Reduction: Emphasize the potential savings on SMS OTP costs, which can be substantial given the large-scale user base. Highlight additional cost savings from reduced account recovery efforts as passkeys eliminate the need for password-related support.
  • Security Enhancement: Illustrate how passkeys reduce the risk of account takeovers, enhancing customer trust and lowering costs associated with security incidents.
  • User Experience Improvement: Showcase how passkeys streamline the login experience, resulting in increased user satisfaction, reduced friction, and higher engagement.
  • Competitive Advantage: Position passkeys as a way to stay ahead of competitors by adopting a cutting-edge security standard that prioritizes both security and convenience.

Action Steps:

  1. Develop a Detailed ROI Analysis:
    • Calculate projected cost savings over a period of 36 months, focusing on SMS OTP costs and account recovery expenses.
    • Estimate the investment required for implementation, including any potential savings from improved operational efficiency.
    • Present potential revenue growth from enhanced user retention and acquisition due to improved security and user experience.
  2. Prepare a Business Case Document:
    • Include market research and industry trends supporting passkey adoption among comparable platforms.
    • Outline the strategic alignment with company goals, such as digital transformation, customer experience improvements, or regulatory compliance.
    • Address potential risks and mitigation strategies, showing that the project is well thought out.
  3. Present to Decision-Makers:
    • Schedule meetings with executives and finance departments to present the business case.
    • Use data-driven insights and projections to build a compelling argument for why passkeys are a valuable investment.

In case an external authentication passkey solution is used, make sure to include also those costs into the ROI business case.

Slack Icon

Become part of our Passkeys Community for updates and support.

Join

3.2 How Corbado Can Help#

Corbado can assist you in building a compelling business case by providing valuable insights and data that demonstrate the benefits of implementing passkeys. Here’s how we can help:

  • Expertise in ROI Calculation: We provide data on passkey adoption rates, SMS cost savings, and long-term ROI based on real-world case studies. Our experience with similar large-scale deployments allows us to supply accurate projections and cost-benefit analyses.
  • Access to Case Studies and Industry Insights: Corbado can share case studies showcasing how other organizations have successfully implemented passkeys and the positive impact on their user base. We also offer insights into market trends and emerging regulations, strengthening your business case. Some of the information is also available via our reviews of passkey implementations on our blog and on state-of-passkeys.io.
  • Customized Proposals: We can tailor our solutions to align with your specific business goals and provide detailed forecasts on cost reductions and operational savings. This includes analyzing your existing SMS OTP costs and calculating potential savings with high passkey adoption rates.

By leveraging Corbado’s resources, you can present a well-supported business case that highlights the strategic and financial benefits of passkey adoption, making it easier to gain the backing needed for a successful rollout.

Why Are Passkeys Important For Enterprises?

Passkeys for Enterprises

Enterprises worldwide face severe risks due to weak passwords and phishing. Passkeys are the only MFA method that meets enterprise security and UX needs. Our whitepaper shows how to implement passkeys efficiently and what the business impact is.

Passkeys for Enterprises

Download the whitepaper

If you have questions, feel free to  

contact us

4. Engaging Privacy and Data Stakeholders#

Privacy and data stakeholders are responsible for ensuring that any new technology, such as passkeys, aligns with data protection laws and internal privacy policies. These stakeholders focus on minimizing data exposure risks, complying with privacy regulations like GDPR, CCPA or APA, and ensuring that user data is handled securely. Effective engagement with this group involves demonstrating that passkey implementation will protect user privacy and meet potentially regulatory requirements.

4.1 Privacy Assessment#

By kicking off or preparing an privacy or data security assessement it can be ensured that the passkey implementation complies with privacy laws and data protection regulations, and that sensitive data is adequately safeguarded.

Key Considerations:

  • Data Classification and Minimization: Understand what data is processed during passkey authentication and ensure it is clear how information is collected and stored. For inhouse development this is usually not critical.
  • User Consent: Determine how user consent will be obtained and managed, especially for any data that is processed or transmitted as part of the passkey system.
  • Compliance with Privacy Regulations: Verify that the implementation aligns with relevant data protection laws, such as GDPR, CCPA, APA, and any industry-specific regulations.
  • Third-Party Data Handling: If using external vendors, assess how they process and store data, ensuring that they comply with privacy standards and regulations. Especially in this case a close alignment with the Third-Party and internal privacy stake holders is needed.

Action Steps:

  1. Conduct Privacy Assessment:
    • Work with the data governance and compliance teams to assess the sensitivity and value of the data involved in the passkey system especially in case full name and email is processed to be assigned with the passkey.
    • Identify potential privacy risks associated with passkey data processing and develop strategies to mitigate them.
    • Ensure that data handling practices align with organizational policies on data minimization and retention.
  2. Document Privacy and Data Protection Measures:
    • Prepare detailed reports on the types of data processed, storage durations, and access controls.
    • Update privacy policies to reflect any changes introduced by the passkey system, such as temporary data processing for passkey creation in case a Third-Party is involved.
    • Communicate updates to users, providing transparency around data processing practices and compliance efforts.

Regarding privacy it is important to understand the different phases of passkey creation and passkey login and which information are involved and where they are stored.

PhaseData InvolvedHow Data is TransmittedWho Processes the Data
Passkey CreationEmail, First Name, Last NameUsed server as part of passkey creation optionsServer (may include third-party provider) processes data to generate passkey creation options
Passkey LoginEmail (for passkey lookup)Sent from client to server to identify user accountServer might use data to look up registered passkeys

This table should be a summarized version where information is used, it is important to understand how the fields of the passkey ceremony actually work in order to determine the correct approach. How information will flow heavily depends only on your approach – make sure you understand if PII data is persisted outside your systems in case a third party provider is used.

4.2 How Corbado Can Help#

Corbado’s passkey solution is designed with privacy and data protection in mind, ensuring that your organization can meet privacy and strict regulatory requirements to safeguard user data. Here’s how our Corbado Connect implementation supports privacy and data protection for large-scale deployments:

  • No Permanent Storage of PII: In our Corbado Connect implementation, no Personally Identifiable Information (PII) is permanently stored. The system processes only the minimum required data—such as the user’s name and/or email—on a temporary basis to generate the passkey. Once the passkey is created, this information is no longer retained.
  • Use of Unique Identifiers: Corbado links each passkey to an existing unique identifier, such as a user-UUID or account-UUID, used by your current authentication system. This approach ensures that the passkey system does not require additional PII storage and can seamlessly integrate with your existing user management structure. To look up passkeys for an existing identifier we will use an API on your side which translates the user email to the internal user-UUID.
  • Detailed Audit Logs: Our solution includes comprehensive audit logging to track all passkey-related actions. These logs provide transparency into passkey creation, authentication attempts, and management activities, which is vital for both internal audits and regulatory compliance. All PII relevant data is redacted and deleted based on your internal policy.
  • Streamlined Audit Trails: Corbado Connect can stream audit logs to your existing audit trails, ensuring that passkey-related activities are logged in accordance with your organization’s compliance requirements. This feature allows your organization to maintain consistent audit trails across systems, reducing the burden of separate data handling processes.
  • Backend APIs: Corbado's backend API allows seamless integration with your existing backend and support systems. This API will be a part of your dedicated system installation, enabling direct connectivity for passkey management without the need for additional applications. This ensures a tightly integrated system, streamlining the management and enhancing security while maintaining your operational flow. For more details on dedicated system installation see the next section.

By leveraging Corbado’s privacy-conscious approach to passkey implementation, you can ensure data minimization, comply with privacy regulations, and provide transparent and secure data processing for large-scale deployments. This approach not only aligns with privacy & regulatory requirements but also builds trust with users by demonstrating a commitment to their privacy and data protection.

StateOfPasskeys Icon

Want to find out how many people can use passkeys?

View Adoption Data

5. Engaging Security Stakeholders#

Security stakeholders are responsible for assessing and managing the risks associated with introducing new authentication technologies like passkeys. Their focus is on ensuring that passkeys enhance the organization’s security posture, align with regulatory requirements, and integrate seamlessly with existing security infrastructure. Engaging these stakeholders effectively involves demonstrating that the passkey system meets security standards and offers robust, auditable controls.

5.1 Security Risk Assessment (SRA)#

With a Security Risk Assessment you can evaluate the security implications of implementing passkeys and ensure they meet the organization's security requirements, while integrating seamlessly into the existing authentication and MFA landscape. This is usually done by a Security Specialist or Architect within the Security Team. This is especially critical in case external components or a Third-Party-Solution is used.

Key Considerations:

  • Threat Analysis: Identify potential security threats associated with the passkey system, such as vulnerabilities in the authentication flow, data exposure risks, and access management.
  • Compliance with Security Regulations (Third-Party): Ensure that the passkey solution meets industry-specific regulatory requirements and complies with security frameworks such as NIST, ISO, and SOC2.
  • Infrastructure Impact and Continuity (Third-Party): Assess how passkeys will fit within the existing security infrastructure, including MFA systems, and ensure that the system offers continuity features such as multi-AZ (Availability Zone) redundancy, cold standby options, and support for disaster recovery in multiple regions.
  • Data Locality and Regulatory Compliance (Third-Party): Deterine whether the passkey system can accommodate data residency requirements, enabling deployment in specific regions to comply with local data regulations and requirements.

Action Steps:

  1. Conduct an SRA:
    • Collaborate with cybersecurity and compliance teams to analyze security risks associated with passkey integration.
    • Identify and document potential threats, vulnerabilities, and compliance gaps, and develop strategies to mitigate these risks.
    • Evaluate how the passkey system aligns with existing security policies and practices, especially in the context of MFA systems and data residency requirements.
  2. Implement Security and Availability Measures for Third-Parties:
    • Ensure that the passkey system meets high availability and disaster recovery requirements, with options for multi-AZ redundancy, cross-region failover, and regulated environment setups with escrow agreements.
    • Confirm that the deployment strategy aligns with organizational requirements for data locality, especially for regions with strict data residency laws.
    • Prepare for security testing, such as penetration tests and vulnerability assessments, to validate the security of the passkey implementation.

The SRA therefore focuses on two major components: first, the actual factual security of the usage of passkeys, and at the same time, in case an external vendor is used, on how this system fits into the organizational requirements.

5.2 How Corbado Can Help#

Corbado specializes in integrating passkeys into existing app, authentication, and MFA landscapes, ensuring that security is enhanced across all vectors while meeting compliance and continuity requirements. Here’s how Corbado supports your organization’s security needs for large-scale passkey deployments:

  • Seamless MFA Integration: Corbado is experienced in evaluating and integrating passkeys into existing MFA setups. We carefully assess how passkeys interact with other authentication factors to maintain and improve the security of your entire MFA system. This ensures that all MFA vectors remain robust, secure, and effective against common threats.
  • Dedicated AWS Deployments in Any Region: To respect data locality and meet regulatory requirements, Corbado offers dedicated AWS deployments in any requested region. This allows your organization to deploy passkeys in specific geographical locations, ensuring compliance with local data residency laws while maintaining the same high security and availability standards.
  • Comprehensive Continuity and Availability Options: At Corbado, we prioritize continuity and availability, providing deployment configurations that range from multi-AZ setups to cold standby options in different regions. For regulated environments, we can offer escrow agreements and auditable instances, giving your organization peace of mind and reliable access to data and services.
  • Certifications and Compliance: Corbadohas been built upon ISO and SOC2 standards, demonstrating our commitment to security, privacy, and operational excellence. Additionally, we have undergone a Well-Architected Review to validate our architecture and ensure it meets the best AWS practices as Amazon Partner. This enables us to deliver secure, reliable passkey deployments tailored to your organization’s needs.

By partnering with Corbado, your organization gains access to a passkey solution that is designed for security, privacy, regulatory compliance, and high availability. Our expertise in integrating passkeys into existing authentication and MFA landscapes, combined with our flexible deployment options and strong security credentials, ensures a seamless and compliant implementation.

6. Engaging Third-Party Providers (External Outsourcing Approach)#

For organizations that choose to implement passkeys through external vendors, engaging third-party providers effectively is critical. This involves conducting thorough assessments to ensure that potential vendors meet your organization's security, compliance, and operational standards. Key documents and agreements, such as a Third-Party-Assessment (TPA) and a Master Services Agreement (MSA) with specific Service Level Objectives (SLOs) and Service Level Agreements (SLAs), play a vital role in defining expectations and ensuring accountability.

6.1 Third-Party Assessment#

The process of onboarding is different in large enterprises and comes in various shapes and forms. Sometimes it is not required when certifications are available; other times, it is conducted internally or via a professional vendor risk assessment.

6.1.1 Conduct a TPA#

In case a TPA is needed it evaluate the security posture of potential vendors to ensure they meet your organization’s security and regulatory requirements.

Key Considerations:

  • Vendor Credentials: Review the vendor's certifications, compliance records, and overall security policies to confirm they meet your organization’s standards.
  • Security Assessment: Conduct a thorough review of the vendor’s security practices, including how they manage data protection, incident response, and risk mitigation.
  • Regulatory Compliance: Ensure the vendor complies with any industry-specific regulations relevant to your organization, especially if the deployment will occur in regions with stringent data protection laws.

Action Steps:

  • Distribute Security Questionnaires: Request detailed information on the vendor’s security practices, including data encryption, authentication methods, and access controls.
  • Conduct Vendor Audits: If necessary, perform on-site or remote audits to review the vendor’s security infrastructure and verify that it aligns with your requirements.
  • Request Background Checks: For regulated industries, ensure that all personnel handling your data have passed background checks in line with your local jurisdiction’s requirements.

As this process is a regular step in large enterprises, keep a potential third party in the loop about the requirements and ensure they understand the specific requirements.

Demo Icon

Want to try passkeys yourself? Check our Passkeys Demo.

Try Passkeys

6.1.2 How Corbado Can Help You#

Corbado is well-prepared to support your organization through third-party security assessments. Here’s how we assist:

  • Comprehensive Certification Portfolio: In addition to ongoing certifications such as ISO and SOC2, we can provide detailed documentation and participate in your custom vendor assessment process, directly addressing relevant security checks.
  • Tailored Assessments for Regulated Industries: For organizations in regulated sectors, Corbado can provide background checks for our personnel handling your data. If required, we can also facilitate additional personnel background checks that align with specific local jurisdiction requirements.
  • Active Collaboration: Our team works closely with your security and compliance departments to ensure that we meet all requirements, making the assessment process efficient and transparent.

Overall, Corbado is aware that customer authentication is at the core of every large enterprise. We are happy to be part of internal reviews and provide anything needed for the project team.

6.2 Master Services Agreement with SLO/SLA#

An enterprise contract of a passkey project with an external vendor is centered around the passkey functionality and how it is embedded into the existing landscape. Equally important is to cover all non-product-related enterprise requirements, and this should be clearly set out in an agreement.

6.2.1 Setup an Enterprise Agreement#

Establish a formal agreement with the vendor that outlines operational standards, compliance requirements, and reporting protocols, ensuring that the passkey solution meets your organization’s needs.

Key Considerations:

  • Operations:
    • Data Privacy and Residency: Define how the vendor will comply with data residency requirements, particularly for countries with strict data privacy laws, such as Australia.
    • High Availability and Disaster Recovery: Specify availability targets and disaster recovery protocols to ensure continuity of service and refer to the SRA.
    • Custom SLAs/SLOs: Tailor service commitments to ensure 24/7 support and incident management tailored to your organization’s specific needs.
  • Compliance:
    • Certifications and Audits: Require up-to-date certifications (ISO, SOC2) and allow for audit rights to verify compliance. Include provisions for an escrow agreement if needed to ensure deployability in case of emergencies.
    • Regulatory Oversight: Include audit rights for your team and access to a break-glass administrator for emergency access to the AWS environment.
    • Exit Strategy: Establish a clear exit strategy, with data portability options to ensure a smooth transition should the relationship end.
  • Reporting and Control:
    • Audit Logs: Require audit logging to trace errors, monitor security incidents, and provide a complete history of user actions.
    • Management Dashboard: Access a central cockpit for overseeing your passkey deployment and managing user engagement.
    • Analytics and Reporting: Include requirements for regular reporting on relevant KPIs, providing insight into the performance and adoption of the passkey system.

Depending on your organization's size, there might be even more components and existing MSAs that need to be addressed. It is important to ensure your external vendor can help with this.

6.2.2 How Corbado Can Help you#

Corbado’s MSA with SLO/SLA is customized to meet the specific operational, compliance, and reporting needs of your organization. Here’s how we ensure a comprehensive and flexible agreement:

  • Operations:
    • Data Residency Compliance: Corbado ensures adherence to local data residency laws by offering deployments in specific regions, such as Australia, to meet data privacy requirements.
    • High Availability and Disaster Recovery: Our SLA includes multi-AZ configurations, cross-region replication and disaster recovery options, ensuring continuous service even during regional outages. We also provide 24/7 support and incident management customized to your operational needs.
    • Customizable SLOs/SLA: We tailor our agreements to include any specific operational requirements you may have, guaranteeing that our services meet your standards for availability and support.
  • Compliance:
    • Certifications and Regulatory Requirements: Corbado has been built upon ISO and SOC2 standards. In addition we can also directly participate in compliance or regulatory audits as needed. We offer audit rights and access to a break-glass administrator to ensure oversight and emergency access.
    • Escrow and Deployability: For added peace of mind, we provide escrow agreements with proof of deployability, allowing you to retain access to your data and application continuity.
    • Dedicated Security Testing: Our agreement includes regular penetration testing and security audits to maintain the highest security standards.
  • Reporting and Control:
    • Detailed Audit Logs: We offer comprehensive audit logging capabilities, allowing you to trace errors and even replay user sessions if needed.
    • Management Cockpit: With Corbado’s management dashboard, you can centrally control and monitor your passkey rollout, adjusting settings and monitoring performance as needed.
    • Analytics and KPI Reporting: Access detailed analytics and reporting tools to track user engagement, adoption rates, and other key performance indicators, ensuring you have full visibility into your passkey implementation’s impact.

With Corbado’s customizable MSA and tailored SLO/SLA, your organization benefits from a partnership that prioritizes compliance, operational continuity, and detailed reporting. Our approach allows you to implement passkeys securely and reliably, with full control over your deployment and the peace of mind that comes from dedicated support and robust contractual commitments.

7. Internal vs. External Implementation Approaches#

When deciding to implement passkeys for a large-scale consumer deployment, organizations must choose between an internal (DIY) approach and an external outsourcing approach with a third-party provider. Each option has its own set of advantages and challenges, especially when it comes to meeting the needs and expectations of internal stakeholders.

An internal implementation approach offers more control over the deployment and customization but often requires significant resources, both in terms of budget and personnel. This approach may be suitable for organizations with a strong internal development team and experience in authentication and security systems. However, the lack of experience in managing a large-scale passkey implementation might slow down the process and increase the risk of technical challenges and end in low passkey adoption and much lower savings.

On the other hand, an external implementation approach allows the organization to leverage the expertise of a specialized provider, which can speed up deployment and ensure compliance with industry standards. While this option may reduce internal resource demands, it does come with certain trade-offs, such as less direct control over the implementation process and potential concerns about data residency and privacy. The great advantage is saving time and actually maximizing passkey adoption and generate higher savings.

To aid in the decision-making process, the table below compares the two approaches across several key characteristics with a focus on how each impacts internal stakeholders.

internal stakeholder goals

product related outcome

We understand that organizations may face a difficult choice between these two approaches. Both options have distinct benefits and potential challenges, and the best choice depends on your organization’s specific needs, resources, and priorities. At Corbado, we can help you navigate this decision-making process by providing insights into the trade-offs and helping you weigh your options in a way that aligns with your business goals and internal stakeholder expectations.

8. Best Practices for Stakeholder Engagement#

Engaging stakeholders effectively is crucial to ensure the success of a large-scale passkey implementation. Clear communication, alignment of goals, and a well-thought-out plan are essential to gain buy-in and maintain momentum throughout the deployment process. Here are some best practices for engaging stakeholders, along with how Corbado can support you in this critical phase.

8.1 Effective Communication#

Keep all stakeholders informed and engaged by establishing open, transparent lines of communication.

Best Practices:

  • Tailored Messaging: Customize your communication based on each stakeholder’s interests and level of technical understanding. For example, executive leadership may be more interested in ROI and strategic value, while IT teams may want to understand the technical details.
  • Regular Updates: Schedule regular check-ins, project updates, and progress reports to keep stakeholders informed. Use these opportunities to celebrate milestones, address concerns, and adjust plans as needed.
  • Transparent Dialogue: Create a culture of openness, where stakeholders feel comfortable asking questions, raising concerns, and providing feedback. This can improve collaboration and build trust across departments.

How Corbado Can Help You:

  • Educational Resources: Corbado provides comprehensive documentation, case studies, and tailored presentations that explain the benefits and technical aspects of passkeys, making it easier to communicate with diverse stakeholders.
  • Expert Support: Our team is available to participate in stakeholder meetings to address questions and concerns, ensuring that technical details are accurately conveyed and well-understood.
  • Customized Communication Materials: We can help you create messaging and materials that align with the interests of your various stakeholder groups, streamlining the communication process and promoting alignment.

8.2 Aligning Stakeholder Objectives#

Ensure that the passkey implementation aligns with the strategic goals and operational needs of all stakeholders.

Best Practices:

  • Collaborative Planning: Involve stakeholders from the outset in planning and decision-making. This includes defining goals, identifying potential challenges, and agreeing on key metrics for success.
  • Common Goals: Emphasize how the passkey implementation supports the broader objectives of the organization, such as enhancing security, improving user experience, and achieving regulatory compliance.
  • Proactively Addressing Concerns: Identify potential objections early and work with stakeholders to find solutions. For example, the security team may be concerned about data residency, while the operations team may focus on integration and uptime.

How Corbado Can Help You:

  • Aligning Solutions with Business Goals: Corbado’s passkey solutions are designed to align with key business goals, including reducing costs, increasing security, and improving user satisfaction. We work closely with your team to ensure our implementation meets these objectives.
  • Cross-Departmental Workshops: Our team can facilitate workshops with different departments, helping to align priorities and gain consensus on the passkey deployment strategy.
  • Customized Solutions for Diverse Needs: We understand that each department may have unique requirements. Corbado offers flexible solutions that adapt to the specific needs of security, compliance, IT, and business stakeholders, promoting a well-rounded and coordinated implementation.

8.3 Gaining Approval#

Secure formal approval and ongoing support from key decision-makers to move forward with the passkey project.

Best Practices:

  • Data-Driven Proposals: Use evidence-based projections, such as ROI calculations, case studies, and cost-benefit analyses, to support your proposal. Highlight potential cost savings, operational efficiencies, and enhanced security benefits.
  • Pilot Programs: Consider proposing a pilot implementation to demonstrate the benefits of passkeys on a smaller scale before rolling out organization-wide. This can reduce perceived risk and build confidence among stakeholders.
  • Executive Sponsorship: Engage senior leaders to champion the project. Having an executive sponsor can facilitate faster approvals, increase buy-in across the organization, and ensure that passkey adoption is prioritized.

How Corbado Can Help You:

  • Pilot Solutions and Proof of Concept: Corbado can help you set up a pilot program or proof of concept, showcasing the benefits of passkeys and demonstrating feasibility in a controlled environment.
  • Success Stories and Industry Insights: We provide case studies and examples of successful passkey implementations in similar organizations, helping to build a compelling case for your decision-makers.
  • Executive Briefings: Our team can participate in high-level presentations and briefings, providing insights into the technical and strategic benefits of passkeys to support executive decision-making. We are also happy to help you create board materials in form of data and presentation input.

Effective stakeholder engagement is important to any successful passkey implementation in large scale enterprises. By focusing on clear communication, aligning goals, and building a strong business case, you can gain the buy-in and support necessary to drive the project forward. Corbado is here to support you every step of the way, providing resources, expertise, and tailored solutions to ensure that your organization realizes the full benefits of passkeys. Whether you need help with communication materials, alignment workshops, or executive briefings, our team is ready to assist you in making your passkey deployment a success.

9. Conclusion#

Implementing passkeys for large-scale consumer deployments represents a significant advancement in security, user experience, and potential cost savings. However, the success of such an initiative hinges on effectively engaging the right stakeholders and aligning with organizational objectives. In this guide, we addressed the following key questions:

  • Identify: We explored the roles of business, privacy, data, and security stakeholders, along with third-party providers when an external approach is adopted.
  • Engage: By understanding the interests and concerns of each stakeholder group, you can tailor your approach to foster alignment and collaboration, ultimately securing the necessary support for your project.
  • DIY vs. Outsource: We examined the trade-offs between internal and external implementations, highlighting control, expertise, resource allocation, and compliance considerations to help your organization make an informed decision.

By addressing these questions, you can build a strong foundation for your passkey project, ensuring that it aligns with your organization’s strategic goals and meets the expectations of each stakeholder group. At Corbado, we are dedicated to supporting your journey with tailored resources, industry insights, and expert guidance. Whether you pursue an internal or external approach, our team is here to help you realize the full benefits of passkeys with secure, compliant, and effective deployment options.

Share this article


LinkedInTwitterFacebook

Enjoyed this read?

🤝 Join our Passkeys Community

Share passkeys implementation tips and get support to free the world from passwords.

🚀 Subscribe to Substack

Get the latest news, strategies, and insights about passkeys sent straight to your inbox.


We provide UI components, SDKs and guides to help you add passkeys to your app in <1 hour

Start for free