A website can have security restricting access in the following ways:-

• All users must know a single password
  
  OR
   
• All users must register, with the following options:-
  • Allow any user to register
    • Users can simply enter an email, then create a password to access the website in future.
  • Restrict to users with email already in Contacts
    • Only users with an email address already in Contacts can register. Email addresses can be imported in bulk using the Manager > Import feature.
  • Restrict to users with email in a particular domain name
    • Only email addresses containing a specific domain name are allowed to register. When used with the next option (Require User to Validate Email) this provides a way to securely limit access to users in a particular organisation.
  • Require users to validate email address
    • Once a valid email is entered, the user is sent an email containing a link. They must then click on the link to validate the email and finish registering.

All these options can be set from Website > Config on the General tab in the Public Website Security section.