Descope Emphasizes Passkeys and Agents

Descope is pushing into the parts of identity that move beyond simple user login screens. Clerk already supports WebAuthn passkeys, but its core strength is still fast setup for app sign up, sign in, and user management. Descope is leaning harder into passkeys as a configurable product surface, and into AI agent identity where teams need to decide which agent can call which tool, under whose authority, and with what audit trail.

• On passkeys, the difference is less basic support and more product emphasis. Clerk added passkeys in beta in April 2024 and exposes them as another auth strategy. Descope packages passkeys as a major no code workflow, with controls for domain specific behavior, device support checks, and passkey type restrictions.
  1 clerk 2 clerk 3 descope
• On AI agents, Descope has a dedicated control plane. Its Agentic Identity Hub manages agent authentication, per agent and per tool permissions, tenant isolation, delegated access, and audit logs for MCP servers and tool calls. That is a different problem from Clerk's main developer workflow of embedding sign in and org management into web apps.
  4 descope 5 descope 6 sacra
• The broader market is splitting by job to be done. Clerk is strongest in startup self serve and Next.js style developer adoption. Enterprise oriented identity vendors, including Descope in some deals, show up when the buyer needs more workflow customization, more policy control, or new machine identity use cases.
  5 descope 6 sacra 7 sacra 8 sacra

Going forward, identity vendors will separate into app login layers and decision engines for humans, agents, and tools. Clerk can keep winning where developers want the fastest path to production auth. Descope is aiming at the higher complexity layer, where passkeys become default and AI agents need governed access to real systems.