Feature Flags

Control which features are available in your Account UI deployment using feature flags. All features are configured via environment variables.

Authentication Features

ENABLE_SIGNUP=true  # default: true

When enabled:

Shows "Sign Up" link on login page
/signup route is accessible
New users can create accounts

When disabled:

Signup route returns 404
Only existing users can log in
Useful for invite-only applications

Email Verification

ENABLE_EMAIL_VERIFICATION=true  # default: true

When enabled:

Users must verify email before full access
Verification email sent on signup
"Resend verification email" option available
Unverified users see verification prompt

When disabled:

Email addresses are trusted without verification
Users have immediate access after signup

Security Consideration

Disabling email verification can allow fake email addresses. Only disable if you have another verification mechanism.

Email Deliverability Check

DISABLE_EMAIL_STATUS_CHECK=false  # default: false

When false (checking enabled):

System validates email addresses are deliverable
Rejects disposable/temporary email providers
Prevents typos in domain names

When true (checking disabled):

Accepts all email formats
Useful for development/testing
Allows @test.com, @localhost, etc.

Passkeys (WebAuthn)

ENABLE_PASSKEYS=true  # default: true

When enabled:

Users can register passkeys (fingerprint, Face ID, hardware keys)
Passwordless login option
"Manage Passkeys" page available
Passkey setup wizard

When disabled:

No passkey registration
Password-only authentication

Requirements:

HTTPS (passkeys require secure context)
Modern browser with WebAuthn support

ENABLE_PASSKEY_SIGNUP=true  # default: true

When enabled (and browser supports WebAuthn):

"Create Account with Passkey" button on signup page
Creates an anonymous session, registers a passkey, then shows an email collection step
Users can optionally provide their name and email, or skip to go straight to dashboard
If email is provided and verification is required, user verifies via OTP then goes to dashboard
When email delivery is also configured, both passkey and email signup options are shown with an "Or" divider

When disabled:

Passkey signup option hidden on signup page
Users must sign up with email (passkey can still be added later from account settings)

Behavior when email is not configured:

If ENABLE_PASSKEY_SIGNUP=true and email delivery is not available, only passkey signup is shown
If both passkey signup and email are unavailable, a fallback message directs users to contact an administrator

Requirements:

HTTPS (WebAuthn requires secure context)
ENABLE_PASSKEYS=true (passkeys must be enabled)
anonymous plugin enabled on the backend

Email OTP

ENABLE_EMAIL_OTP=true  # default: true

When enabled:

Users can receive one-time passwords via email
Alternative to password login
/email-otp route available

When disabled:

No email OTP option
Password or passkey required

Magic Link

ENABLE_MAGIC_LINK=true  # default: true

When enabled:

Users can request email login links
Passwordless authentication via email
No password required

When disabled:

Password or other auth method required

ENABLE_SOCIAL_AUTH=false  # default: false

When enabled:

OAuth login with Google, GitHub, etc.
"Sign in with..." buttons
Social account linking

When disabled:

Email-based authentication only

Additional Configuration: Requires Better Auth social providers to be configured in your API.

Account Management Features

Account Deletion

ENABLE_ACCOUNT_DELETION=true  # default: true

When enabled:

"Delete Account" option in settings
Confirmation dialog with password check
Permanent account removal

When disabled:

No delete account option
Users must contact support to delete

File Uploads

VITE_ENABLE_FILE_UPLOADS=false  # default: false

When enabled:

Avatar/profile picture upload
Image cropping and editing
File upload to R2/S3

When disabled:

No file upload functionality
Users can only use default avatars

Requirements:

R2 bucket or S3 configured
Upload endpoints in your API

Theme Toggle

ENABLE_THEME_TOGGLE=true  # default: true

When enabled:

Light/dark mode switcher
User preference saved
System theme detection

When disabled:

Single theme mode
No theme switcher in UI

Organization Features

Organizations (Multi-Tenancy)

ENABLE_ORGANIZATIONS=true  # default: true

When enabled:

Users can create organizations
Organization management pages
Member invitations and roles
/organizations/* routes

When disabled:

Single-user mode only
No organization features
Simpler user experience

Includes:

Organization creation and deletion
Member management (owner, admin, member roles)
Invitation system
Organization settings

Teams

ENABLE_TEAMS=true  # default: true

When enabled (requires ENABLE_ORGANIZATIONS=true):

Sub-teams within organizations
Team-based permissions
Team management UI

When disabled:

Organization members only
No team structure

Admin Features

Admin Panel

ENABLE_ADMIN=true  # default: true

When enabled:

/admin route accessible to admin users
User management dashboard
Subscription management
Admin-only features:
- Create users manually
- Ban/unban users
- Reset user passwords
- View all sessions
- Manage subscriptions

When disabled:

No admin panel
Admin must use database directly

Requirements:

User must have admin role in database

Feature Combinations

Minimal Configuration (Password-Only)

ENABLE_SIGNUP=true
ENABLE_EMAIL_VERIFICATION=false
ENABLE_PASSKEYS=false
ENABLE_PASSKEY_SIGNUP=false
ENABLE_EMAIL_OTP=false
ENABLE_MAGIC_LINK=false
ENABLE_SOCIAL_AUTH=false
ENABLE_ORGANIZATIONS=false
ENABLE_ADMIN=false

Simple email/password authentication for single-tenant apps.

Maximum Security

ENABLE_SIGNUP=true
ENABLE_EMAIL_VERIFICATION=true
DISABLE_EMAIL_STATUS_CHECK=false
ENABLE_PASSKEYS=true
ENABLE_PASSKEY_SIGNUP=true
ENABLE_EMAIL_OTP=true
ENABLE_MAGIC_LINK=true
ENABLE_SOCIAL_AUTH=true
ENABLE_ACCOUNT_DELETION=true

All authentication methods with email verification and deliverability checks.

Multi-Tenant SaaS

ENABLE_SIGNUP=true
ENABLE_EMAIL_VERIFICATION=true
ENABLE_PASSKEYS=true
ENABLE_PASSKEY_SIGNUP=true
ENABLE_ORGANIZATIONS=true
ENABLE_TEAMS=true
ENABLE_ADMIN=true
VITE_ENABLE_FILE_UPLOADS=true

Full-featured SaaS with organizations, teams, and admin panel.

Invite-Only Platform

ENABLE_SIGNUP=false
ENABLE_EMAIL_VERIFICATION=true
ENABLE_PASSKEYS=true
ENABLE_ORGANIZATIONS=true
ENABLE_ADMIN=true

No public signup - users must be created by admin or invited to organizations.

Feature Detection

Check if a feature is enabled in your code:

import { isFeatureEnabled } from '@/config/app';

if (isFeatureEnabled('organizations')) {
  // Show organizations menu
}

if (isFeatureEnabled('passkeys')) {
  // Offer passkey setup
}

Get all enabled features:

import { getEnabledFeatures } from '@/config/features';

const enabled = getEnabledFeatures();
// ['organizations', 'admin', 'passkeys', ...]

Dynamic Feature Configuration

Override features at runtime:

import { setAppConfig } from '@/config/app';

setAppConfig({
  features: {
    organizations: false,  // Disable organizations
    passkeys: true,        // Enable passkeys
  },
});

Environment Takes Precedence

Environment variables set at build time take precedence over runtime configuration. Use runtime config for progressive feature rollouts or A/B testing.

Testing Features

For local development, create .env.local:

.env.local

# Test with all features enabled
ENABLE_SIGNUP=true
ENABLE_EMAIL_VERIFICATION=true
ENABLE_PASSKEYS=true
ENABLE_PASSKEY_SIGNUP=true
ENABLE_EMAIL_OTP=true
ENABLE_MAGIC_LINK=true
ENABLE_ORGANIZATIONS=true
ENABLE_TEAMS=true
ENABLE_ADMIN=true
VITE_ENABLE_FILE_UPLOADS=true
ENABLE_THEME_TOGGLE=true
DISABLE_EMAIL_STATUS_CHECK=true  # Allow test emails

Next Steps

Environment Variables - Complete variable reference
Customization - Customize UI text and labels
Worker Setup - Deploy your configuration

Feature Flags

On this page