Feature Flags

Control which features are available in your Account UI deployment using feature flags. All features are configured via environment variables.

Authentication Features

ENABLE_SIGNUP=true  # default: true

Controls whether new users can register. Wired to the ENABLE_SIGNUP env var.

When enabled:

Shows "Sign Up" link on login page
/signup route is accessible
New users can create accounts

When disabled:

Signup route returns 404
Only existing users can log in
Useful for invite-only applications

Email Verification

ENABLE_EMAIL_VERIFICATION=true  # default: true

Controls the email verification flow. Wired to the frontend via the ENABLE_EMAIL_VERIFICATION env var.

When enabled:

Users must verify email before full access
Verification email sent on signup
"Resend verification email" option available
Unverified users see verification prompt

When disabled:

Email addresses are trusted without verification
Users have immediate access after signup

Security Consideration

Disabling email verification can allow fake email addresses. Only disable if you have another verification mechanism.

Email Deliverability Check

DISABLE_EMAIL_STATUS_CHECK=false  # default: false

When false (checking enabled):

System validates email addresses are deliverable
Rejects disposable/temporary email providers
Prevents typos in domain names

When true (checking disabled):

Accepts all email formats
Useful for development/testing
Allows @test.com, @localhost, etc.

ENABLE_PASSKEY=true  # default: true

Controls passkey LOGIN only (not signup). When enabled, users can authenticate using passkeys.

When enabled:

Users can register passkeys (fingerprint, Face ID, hardware keys)
Passwordless login option
"Manage Passkeys" page available

When disabled:

No passkey registration
No passkey login option

Requirements:

HTTPS (passkeys require secure context)
Modern browser with WebAuthn support

Email OTP

ENABLE_EMAIL_OTP=true  # default: true

When enabled:

Users can receive one-time passwords via email
Alternative to password login
/email-otp route available

When disabled:

No email OTP option
Password or passkey required

Password Authentication

ENABLE_PASSWORD=false  # default: false

When enabled:

Email + password fields on login page
Password field on signup page
Traditional username/password authentication

When disabled:

No password fields shown
Users authenticate via email OTP or passkey

Account Management Features

File Uploads

VITE_ENABLE_FILE_UPLOADS=false  # default: false

When enabled:

Avatar/profile picture upload
Image cropping and editing
File upload to R2/S3

When disabled:

No file upload functionality
Users can only use default avatars

Requirements:

R2 bucket or S3 configured
Upload endpoints in your API

Organization Features

Organizations (Multi-Tenancy)

ENABLE_ORGANIZATIONS=true  # default: true

When enabled:

Users can create organizations
Organization management pages
Member invitations and roles
/organizations/* routes

When disabled:

Single-user mode only
No organization features
Simpler user experience

Includes:

Organization creation and deletion
Member management (owner, admin, member roles)
Invitation system
Organization settings

Admin Features

Admin Panel

ENABLE_ADMIN=true  # default: true

When enabled:

/admin route accessible to admin users
User management dashboard
Subscription management
Admin-only features:
- Create users manually
- Ban/unban users
- Reset user passwords
- View all sessions
- Manage subscriptions

When disabled:

No admin panel
Admin must use database directly

Requirements:

User must have admin role in database

Feature Combinations

Minimal Configuration (Password-Only)

ENABLE_PASSKEY=false
ENABLE_EMAIL_OTP=false
ENABLE_PASSWORD=true
ENABLE_ORGANIZATIONS=false
ENABLE_ADMIN=false

Simple email/password authentication for single-tenant apps.

Maximum Security

ENABLE_PASSKEY=true
ENABLE_EMAIL_OTP=true
ENABLE_PASSWORD=false
ENABLE_EMAIL_VERIFICATION=true

All authentication methods with email verification and deliverability checks.

Multi-Tenant SaaS

ENABLE_PASSKEY=true
ENABLE_EMAIL_OTP=true
ENABLE_ORGANIZATIONS=true
ENABLE_ADMIN=true

Full-featured SaaS with organizations, teams, and admin panel.

Invite-Only Platform

ENABLE_SIGNUP=false
ENABLE_PASSKEY=true
ENABLE_ORGANIZATIONS=true
ENABLE_ADMIN=true

No public signup - users must be created by admin or invited to organizations.

Feature Detection

Check if a feature is enabled in your code:

import { isFeatureEnabled } from '@/config/app';

if (isFeatureEnabled('organizations')) {
  // Show organizations menu
}

if (isFeatureEnabled('passkey')) {
  // Offer passkey setup
}

Dynamic Feature Configuration

Override features at runtime:

import { setAppConfig } from '@/config/app';

setAppConfig({
  features: {
    organizations: false,  // Disable organizations
    passkey: true,         // Enable passkey
  },
});

Environment Takes Precedence

Environment variables set at build time take precedence over runtime configuration. Use runtime config for progressive feature rollouts or A/B testing.

Testing Features

For local development, create .env.local:

.env.local

# Test with all features enabled
ENABLE_SIGNUP=true
ENABLE_EMAIL_VERIFICATION=true
ENABLE_PASSKEY=true
ENABLE_EMAIL_OTP=true
ENABLE_PASSWORD=true
ENABLE_ORGANIZATIONS=true
ENABLE_ADMIN=true
VITE_ENABLE_FILE_UPLOADS=true
DISABLE_EMAIL_STATUS_CHECK=true  # Allow test emails

Next Steps

Environment Variables - Complete variable reference
Customization - Customize UI text and labels
Worker Setup - Deploy your configuration

Feature Flags

On this page