Introducing Feature Flags: Enterprise Ready feature management for B2B apps

Today, we’re excited to launch Feature Flags, a new addition to the WorkOS platform, available to all AuthKit customers. With this release, B2B SaaS companies using WorkOS can now define, manage, and target features by organization, directly within the WorkOS dashboard.

Feature Flags are deeply integrated into the WorkOS platform and designed specifically for B2B applications, giving teams precise control over feature rollouts across their entire customer base, environments, and organizations.

What are feature flags?

Feature flags have become a fundamental tool in modern software development. They allow developers to enable or disable specific pieces of functionality in their application at runtime—without deploying new code. By decoupling feature availability from code deployment, engineering teams gain the flexibility to roll out updates more gradually, reduce risk, and improve the overall reliability of the release process.

In practical terms, feature flags give you the power to:

• Progressively roll out features to a subset of users or organizations before a full launch.
• Test new functionality in production with internal users or selected customers.
• Control access to features based on customer plans, organization types, or internal permissions.
• Quickly disable features that are causing issues, without having to rollback code or push emergency fixes.

While consumer-focused products often use feature flags for experimentation and A/B testing, B2B SaaS companies typically have more structured needs. They often want to enable or disable features for entire organizations, not just individual users—whether that’s for a beta program, a phased rollout, or based on contract terms.

That’s the exact use case we’ve built for: organization-aware feature flags, purpose-built for B2B applications.

Why we built feature flags — and why now

At WorkOS, our mission is to help SaaS companies get Enterprise Ready. That’s more than just SSO or SCIM—it’s about giving teams the tools to operate confidently at scale.

Internally, we've relied heavily on feature flags to roll out changes across our products, and we know firsthand how essential they are. But while researching options, we found most existing solutions cater to consumer apps or experimentation-focused workflows. What was missing was a feature flag system built for B2B companies—where feature access is often determined by organization-level permissions and rules, not just individual users or A/B cohorts.

With Feature Flags, we're delivering the system we believe should exist: a seamless, organization-based feature flag experience, built into the platform you already use (AuthKit, Directory Sync, and Audit Logs).

Get started with Feature Flags

Starting today, you can define and manage flags in the WorkOS dashboard > Feature Flags.

Each feature flag can be enabled for none, some, or all of your organizations.

Feature flags are available across all environments, but organization-specific rules are configured separately in each one. This makes it easy to isolate and test changes in staging or development before rolling them out to production. For example, you can enable a new dashboard feature for Acme Corp in staging without affecting their experience in production.

Once you define feature flags and set up organization rules, every JWT issued for a logged-in user of that organization will contain the feature flags they have enabled as claims.

	
{
  "iss": "https://api.workos.com",
  "sub": "user_01HBEQKA6K4QJAS93VPE39W1JT",
  "sid": "session_01HQSXZGF8FHF7A9ZZFCW4387R",
  "jti": "01HQSXZXPPFPKMDD32RKTFY6PV",
  "org_id": "org_01HRDMC6CM357W30QMHMQ96Q0S",
  "role": "member",
  "permissions": ["posts:read", "posts:write"],
  "exp": 1709193857,
  "iat": 1709193557,
  "feature_flags": ["feature-1", "feature-2"]
}
	

By parsing the feature_flags claim, your frontend or backend can immediately toggle application behavior, without an extra API call.

Available today – Included with AuthKit

Feature Flags are available starting today for all AuthKit users.

There’s no additional setup, no new API to wire up, and no infrastructure to manage. You simply:

• Navigate to the Feature Flags page in your WorkOS dashboard.
• Define your flags and set organization rules.
• Read active flags from your WorkOS-issued JWTs.

Flags are injected directly into the feature_flags claim in your JWT, so they’re available instantly on every login—no extra network calls or database lookups required. And because this is fully integrated into WorkOS, you can manage your organizations, authentication, and features all in one place.

We believe this is the fastest, simplest way to deliver controlled feature rollouts to your customers—and it’s designed from the ground up for B2B SaaS platforms like yours.

Check out the Feature Flags documentation to get started today.