diff --git a/src/Controller/Open/IndividualsController.php b/src/Controller/Open/IndividualsController.php
index 28cd51d..79af257 100644
--- a/src/Controller/Open/IndividualsController.php
+++ b/src/Controller/Open/IndividualsController.php
@@ -11,13 +11,17 @@ use Cake\Http\Exception\NotFoundException;
 use Cake\Http\Exception\MethodNotAllowedException;
 use Cake\Http\Exception\ForbiddenException;
 use Cake\Event\EventInterface;
+use Cake\Core\Configure;
 
 class IndividualsController extends AppController
 {
     public function beforeFilter(EventInterface $event)
     {
         parent::beforeFilter($event);
-        $this->Authentication->allowUnauthenticated(['index']);
+        $open = Configure::read('Cerebrate.open');
+        if (!empty($open) && in_array('individuals', $open)) {
+            $this->Authentication->allowUnauthenticated(['index']);
+        }
     }
 
     public function index()
diff --git a/src/Controller/Open/OrganisationsController.php b/src/Controller/Open/OrganisationsController.php
index ad22f42..facda8a 100644
--- a/src/Controller/Open/OrganisationsController.php
+++ b/src/Controller/Open/OrganisationsController.php
@@ -10,13 +10,17 @@ use Cake\Http\Exception\NotFoundException;
 use Cake\Http\Exception\MethodNotAllowedException;
 use Cake\Http\Exception\ForbiddenException;
 use Cake\Event\EventInterface;
+use Cake\Core\Configure;
 
 class OrganisationsController extends AppController
 {
     public function beforeFilter(EventInterface $event)
     {
         parent::beforeFilter($event);
-        $this->Authentication->allowUnauthenticated(['index']);
+        $open = Configure::read('Cerebrate.open');
+        if (!empty($open) && in_array('organisations', $open)) {
+            $this->Authentication->allowUnauthenticated(['index']);
+        }
     }
 
     public function index()