diff --git a/app/assets/javascripts/token_access/components/token_access_app.vue b/app/assets/javascripts/token_access/components/token_access_app.vue
index 59d5975773561c0ca223effba7edb6dcb910edcb..089159ac87b763410e2a9b580ad01b20c33843e0 100644
--- a/app/assets/javascripts/token_access/components/token_access_app.vue
+++ b/app/assets/javascripts/token_access/components/token_access_app.vue
@@ -1,5 +1,4 @@
 <script>
-import glFeatureFlagMixin from '~/vue_shared/mixins/gl_feature_flags_mixin';
 import OutboundTokenAccess from './outbound_token_access.vue';
 import InboundTokenAccess from './inbound_token_access.vue';
 import OptInJwt from './opt_in_jwt.vue';
@@ -10,17 +9,11 @@ export default {
     InboundTokenAccess,
     OptInJwt,
   },
-  mixins: [glFeatureFlagMixin()],
-  computed: {
-    inboundTokenAccessEnabled() {
-      return this.glFeatures.ciInboundJobTokenScope;
-    },
-  },
 };
 </script>
 <template>
   <div>
-    <inbound-token-access v-if="inboundTokenAccessEnabled" class="gl-pb-5" />
+    <inbound-token-access class="gl-pb-5" />
     <outbound-token-access class="gl-py-5" />
     <opt-in-jwt />
   </div>
diff --git a/app/controllers/projects/settings/ci_cd_controller.rb b/app/controllers/projects/settings/ci_cd_controller.rb
index 4ca665679c02f38fef5f7791de033c54766f4a9e..b330aacf3e95f163a463a162a7e60415922b1667 100644
--- a/app/controllers/projects/settings/ci_cd_controller.rb
+++ b/app/controllers/projects/settings/ci_cd_controller.rb
@@ -12,10 +12,6 @@ class CiCdController < Projects::ApplicationController
       before_action :check_builds_available!
       before_action :define_variables
 
-      before_action do
-        push_frontend_feature_flag(:ci_inbound_job_token_scope, @project)
-      end
-
       helper_method :highlight_badge
 
       feature_category :continuous_integration
diff --git a/app/graphql/mutations/ci/project_ci_cd_settings_update.rb b/app/graphql/mutations/ci/project_ci_cd_settings_update.rb
index d214aa46cfc8aadeceb9967a0f7b97bb41633ff1..fcba729d460161dd2334feb6039d9a0affa4a7e0 100644
--- a/app/graphql/mutations/ci/project_ci_cd_settings_update.rb
+++ b/app/graphql/mutations/ci/project_ci_cd_settings_update.rb
@@ -39,8 +39,6 @@ class ProjectCiCdSettingsUpdate < BaseMutation
       def resolve(full_path:, **args)
         project = authorized_find!(full_path)
 
-        args.delete(:inbound_job_token_scope_enabled) unless Feature.enabled?(:ci_inbound_job_token_scope, project)
-
         settings = project.ci_cd_settings
         settings.update(args)
 
diff --git a/app/models/ci/job_token/scope.rb b/app/models/ci/job_token/scope.rb
index 20775077bd8bd0888d0176c68d5d205d35bb7728..f389c642fd8b834d55c3aeb106ef13e7474a4e36 100644
--- a/app/models/ci/job_token/scope.rb
+++ b/app/models/ci/job_token/scope.rb
@@ -58,8 +58,7 @@ def outbound_accessible?(accessed_project)
       end
 
       def inbound_accessible?(accessed_project)
-        # if the flag or setting is disabled any project is considered to be in scope.
-        return true unless Feature.enabled?(:ci_inbound_job_token_scope, accessed_project)
+        # if the setting is disabled any project is considered to be in scope.
         return true unless accessed_project.ci_inbound_job_token_scope_enabled?
 
         inbound_linked_as_accessible?(accessed_project)
diff --git a/app/models/project.rb b/app/models/project.rb
index 1909ed8dfdd1c54daa7a54a13bff577c0f554aed..003735419f01beb8cb951e17e920d9a11ab747a5 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -2974,7 +2974,7 @@ def ci_outbound_job_token_scope_enabled?
   end
 
   def ci_inbound_job_token_scope_enabled?
-    return false unless ci_cd_settings
+    return true unless ci_cd_settings
 
     ci_cd_settings.inbound_job_token_scope_enabled?
   end
diff --git a/app/models/project_ci_cd_setting.rb b/app/models/project_ci_cd_setting.rb
index 8741a341ad3d1070f69ac17f1a1779cd8edc793f..cc9003423be687496eb70cfff8ebd06b7b84961c 100644
--- a/app/models/project_ci_cd_setting.rb
+++ b/app/models/project_ci_cd_setting.rb
@@ -20,10 +20,6 @@ class ProjectCiCdSetting < ApplicationRecord
   attribute :forward_deployment_enabled, default: true
   attribute :separated_caches, default: true
 
-  default_value_for :inbound_job_token_scope_enabled do |settings|
-    Feature.enabled?(:ci_inbound_job_token_scope, settings.project)
-  end
-
   chronic_duration_attr :runner_token_expiration_interval_human_readable, :runner_token_expiration_interval
 
   def keep_latest_artifacts_available?
diff --git a/app/services/ci/job_token_scope/add_project_service.rb b/app/services/ci/job_token_scope/add_project_service.rb
index 15553ad6e925dd83f883c13a189228595e742bbe..4f745042f074e9598f616368326c36f5a20f542b 100644
--- a/app/services/ci/job_token_scope/add_project_service.rb
+++ b/app/services/ci/job_token_scope/add_project_service.rb
@@ -6,8 +6,6 @@ class AddProjectService < ::BaseService
       include EditScopeValidations
 
       def execute(target_project, direction: :outbound)
-        direction = :outbound if Feature.disabled?(:ci_inbound_job_token_scope)
-
         validate_edit!(project, target_project, current_user)
 
         link = allowlist(direction)
diff --git a/config/feature_flags/development/ci_inbound_job_token_scope.yml b/config/feature_flags/development/ci_inbound_job_token_scope.yml
deleted file mode 100644
index a0e2e09dde583f4078b0bb9a6a2c758fe3743d2b..0000000000000000000000000000000000000000
--- a/config/feature_flags/development/ci_inbound_job_token_scope.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-name: ci_inbound_job_token_scope
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/99165
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/376063
-milestone: '15.5'
-type: development
-group: group::pipeline execution
-default_enabled: true
diff --git a/spec/frontend/token_access/token_access_app_spec.js b/spec/frontend/token_access/token_access_app_spec.js
index 7f269ee5fda4e3977b8709a43589cd6b0643e556..cff16fd125c0c098f47b73f9a858af67834b39ef 100644
--- a/spec/frontend/token_access/token_access_app_spec.js
+++ b/spec/frontend/token_access/token_access_app_spec.js
@@ -11,12 +11,8 @@ describe('TokenAccessApp component', () => {
   const findInboundTokenAccess = () => wrapper.findComponent(InboundTokenAccess);
   const findOptInJwt = () => wrapper.findComponent(OptInJwt);
 
-  const createComponent = (flagState = false) => {
-    wrapper = shallowMount(TokenAccessApp, {
-      provide: {
-        glFeatures: { ciInboundJobTokenScope: flagState },
-      },
-    });
+  const createComponent = () => {
+    wrapper = shallowMount(TokenAccessApp);
   };
 
   describe('default', () => {
@@ -32,12 +28,6 @@ describe('TokenAccessApp component', () => {
       expect(findOutboundTokenAccess().exists()).toBe(true);
     });
 
-    it('does not render the inbound token access component', () => {
-      expect(findInboundTokenAccess().exists()).toBe(false);
-    });
-  });
-
-  describe('with feature flag enabled', () => {
     it('renders the inbound token access component', () => {
       createComponent(true);
 
diff --git a/spec/models/ci/job_token/scope_spec.rb b/spec/models/ci/job_token/scope_spec.rb
index 9ae061a3702f4ce2ae022399ad817b72a4b15f30..51f0f4878e78584a748267cdf1095a631f8adf94 100644
--- a/spec/models/ci/job_token/scope_spec.rb
+++ b/spec/models/ci/job_token/scope_spec.rb
@@ -160,13 +160,5 @@
 
       include_examples 'enforces outbound scope only'
     end
-
-    context 'when inbound scope flag disabled' do
-      before do
-        stub_feature_flags(ci_inbound_job_token_scope: false)
-      end
-
-      include_examples 'enforces outbound scope only'
-    end
   end
 end
diff --git a/spec/models/project_ci_cd_setting_spec.rb b/spec/models/project_ci_cd_setting_spec.rb
index 2c490c33747137d1556441a254b8b545a9dca84f..0a818147bfc0b321503dd2711cbfeb041d4033fe 100644
--- a/spec/models/project_ci_cd_setting_spec.rb
+++ b/spec/models/project_ci_cd_setting_spec.rb
@@ -27,22 +27,8 @@
     end
   end
 
-  describe '#set_default_for_inbound_job_token_scope_enabled' do
-    context 'when feature flag ci_inbound_job_token_scope is enabled' do
-      before do
-        stub_feature_flags(ci_inbound_job_token_scope: true)
-      end
-
-      it { is_expected.to be_inbound_job_token_scope_enabled }
-    end
-
-    context 'when feature flag ci_inbound_job_token_scope is disabled' do
-      before do
-        stub_feature_flags(ci_inbound_job_token_scope: false)
-      end
-
-      it { is_expected.not_to be_inbound_job_token_scope_enabled }
-    end
+  describe '#default_for_inbound_job_token_scope_enabled' do
+    it { is_expected.to be_inbound_job_token_scope_enabled }
   end
 
   describe '#default_git_depth' do
diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb
index 5304fec506e5346a533b8fd220ee7a00075a7b34..36cd8e75b157947506a4f3a423e844b2a68d5284 100644
--- a/spec/models/project_spec.rb
+++ b/spec/models/project_spec.rb
@@ -1151,7 +1151,7 @@
     end
 
     describe '#ci_inbound_job_token_scope_enabled?' do
-      it_behaves_like 'a ci_cd_settings predicate method', prefix: 'ci_' do
+      it_behaves_like 'a ci_cd_settings predicate method', prefix: 'ci_', default: true do
         let(:delegated_method) { :inbound_job_token_scope_enabled? }
       end
     end
diff --git a/spec/requests/api/graphql/mutations/ci/project_ci_cd_settings_update_spec.rb b/spec/requests/api/graphql/mutations/ci/project_ci_cd_settings_update_spec.rb
index 99e55c44773ce90c4c51cd2b97b27599ffeea21a..0951d165d46a1189ce3f1ac466b1438b908454ae 100644
--- a/spec/requests/api/graphql/mutations/ci/project_ci_cd_settings_update_spec.rb
+++ b/spec/requests/api/graphql/mutations/ci/project_ci_cd_settings_update_spec.rb
@@ -101,21 +101,6 @@
         expect(response).to have_gitlab_http_status(:success)
         expect(project.ci_inbound_job_token_scope_enabled).to eq(true)
       end
-
-      context 'when ci_inbound_job_token_scope disabled' do
-        before do
-          stub_feature_flags(ci_inbound_job_token_scope: false)
-        end
-
-        it 'does not update inbound_job_token_scope_enabled' do
-          post_graphql_mutation(mutation, current_user: user)
-
-          project.reload
-
-          expect(response).to have_gitlab_http_status(:success)
-          expect(project.ci_inbound_job_token_scope_enabled).to eq(true)
-        end
-      end
     end
 
     it 'updates ci_opt_in_jwt' do
diff --git a/spec/support/shared_examples/models/project_ci_cd_settings_shared_examples.rb b/spec/support/shared_examples/models/project_ci_cd_settings_shared_examples.rb
index 3caf58da4d29259d1ab3572b4bdd36352296c1c4..f1af1760e8d462c36ba481066de1a95fd4a17aca 100644
--- a/spec/support/shared_examples/models/project_ci_cd_settings_shared_examples.rb
+++ b/spec/support/shared_examples/models/project_ci_cd_settings_shared_examples.rb
@@ -19,7 +19,7 @@
   end
 end
 
-RSpec.shared_examples 'a ci_cd_settings predicate method' do |prefix: ''|
+RSpec.shared_examples 'a ci_cd_settings predicate method' do |prefix: '', default: false|
   using RSpec::Parameterized::TableSyntax
 
   context 'when ci_cd_settings is nil' do
@@ -28,7 +28,7 @@
     end
 
     it 'returns false' do
-      expect(project.send("#{prefix}#{delegated_method}")).to be(false)
+      expect(project.send("#{prefix}#{delegated_method}")).to be(default)
     end
   end