Tie teams and billing to what users can do.
Bring your own auth.
Trusted integrations
From team management to billing sync, all the pieces work together seamlessly.
Organize orgs, workspaces, and memberships.
Map commercial plans to real entitlements.
Assign/revoke seats and track who's active.
Grant exceptions per team/user, with expiry.
Kill/beta/% rules that never grant access on their own.
Stripe/Chargebee adapters and webhooks.
"Can this user use X?" with limits and evidence.
See who changed what and recent activity.
Push events and replicate data to your warehouse.
Three simple steps to plan-aware product access that works with your existing stack
Your IdP logs the user in. We don't replace your auth.
We evaluate team, plan, seats, and overrides to decide entitlement.
Your app calls the Decision API and applies allow/deny/limits in real time.
Call /decide with { teamId, userId, feature }. We return { result, limits, evidence } you can trust.
POST /api/v1/decide
Content-Type: application/json
{"teamId": "team_abc123",
"userId": "user_xyz789",
"feature": "ai-assistant"
}
// Response
{"result": "allow",
"limits": {"requests_per_month": 1000,
"seats": 5
},
"evidence": {"plan": "pro",
"override": null,
"rollout": "stable"
}
}
Built-in integrations with the tools you already use. No vendor lock-in.
Sync plans and seats from Stripe, Chargebee, or any billing provider
Works with Okta, Auth0, Clerk, WorkOS, or any OIDC provider
Webhooks and exports to your warehouse. Own your data.
Everything you need to know about implementing plan-aware access control
SaaS Plans works as an authorization layer on top of your existing authentication system. Whether you use Okta, Auth0, Clerk, WorkOS, or any OIDC provider, we handle the "what can this user access" decisions while your IdP handles "who is this user."
Feature flags control what features exist, while SaaS Plans controls who can use them. We're plan-aware access control - your commercial plans directly determine what users can access. Feature flags are operational; we're commercial.
We support usage limits, credits, and add-ons as first-class citizens. Our Decision API returns not just allow/deny, but also current usage counts, remaining credits, and rate limits. Perfect for AI API calls, storage quotas, or any metered feature.
We're designed for sub-millisecond response times with aggressive caching and fallback strategies. Our SDKs cache decisions locally and provide configurable fallback behavior. You can also run our decision engine on-premises for maximum reliability.
SaaS Plans works as an authorization layer on top of your existing authentication system. Whether you use Okta, Auth0, Clerk, WorkOS, or any OIDC provider, we handle the "what can this user access" decisions while your IdP handles "who is this user."
Feature flags control what features exist, while SaaS Plans controls who can use them. We're plan-aware access control - your commercial plans directly determine what users can access. Feature flags are operational; we're commercial.
We support usage limits, credits, and add-ons as first-class citizens. Our Decision API returns not just allow/deny, but also current usage counts, remaining credits, and rate limits. Perfect for AI API calls, storage quotas, or any metered feature.
We're designed for sub-millisecond response times with aggressive caching and fallback strategies. Our SDKs cache decisions locally and provide configurable fallback behavior. You can also run our decision engine on-premises for maximum reliability.
Yes. Our audit logs and decision explanations help you understand exactly how decisions are made. We provide migration tools and can gradually take over from your existing system. Many customers start by shadowing their current logic.
We support team hierarchies, custom overrides, time-based access, and complex seat assignments. Our enterprise customers use us for multi-tenant SaaS, internal tools, and complex B2B scenarios with thousands of users.
We store your team structure, plan assignments, and access decisions. All data is exportable via webhooks, direct database replication, or data warehouse connectors. You own your data completely.
We offer a generous free tier for development and small teams. Production pricing is based on monthly active users and decision volume. Contact us for enterprise pricing with volume discounts and custom SLAs.
Our team is here to help. Schedule a demo or reach out directly.
Ship pay-gated access without changing your auth. Start building better SaaS access control today.