ory · unatasha8 · Mar 17, 2026
@@ -70,64 +70,3 @@ password policy, refer to the [password policy page](../../concepts/password-pol
 
 Ory OAuth2 and OpenID Connect is a certified OAuth2 and OpenID Connect provider. You can read more in the
 [OAuth 2.0 security overview](../../hydra/security-architecture) documentation.
-
-## CAPTCHAs
-
-Ory Identities supports protecting self-service flows with CAPTCHA challenges. This is useful to prevent credential stuffing,
-brute force and other automated attacks.
-
-### Prerequisites
-
-Before proceeding, ensure you are on a plan that supports this feature. If you need CAPTCHA support,
-[contact us](https://www.ory.com/contact).
-
-Supported CAPTCHA providers are:
-
-- [Cloudflare Turnstile](https://developers.cloudflare.com/turnstile)
-
-```mdx-code-block
-<Tabs groupId="console-or-api">
-<TabItem value="console" label="Ory Console">
-```
-
-1. Go to <ConsoleLink route="project.authentication" />.
-2. Toggle **CAPTCHA protection**.
-3. Choose your preferred configuration mode:
-   - **Managed**: Our standard, zero-setup integrated Cloudflare Turnstile widget.
-     - Add or remove domains from the **Allowed domains** list.
-     - You must define at least one valid domain.
-     - You can list up to 10 domains in total.
-   - **Bring Your Own Keys**: Connect your existing Cloudflare Turnstile account to view detailed security analytics directly
-     within your own Cloudflare dashboard.
-     - Enter your Turnstile **Site Key** and **Secret Key**.
-4. Click **Save**.
-5. Navigate to any protected self-service screen, for example the registration or login page, to test the CAPTCHA protection.
-
-```mdx-code-block
-</TabItem>
-<TabItem value="cli" label="Ory CLI">
-```
-
-Configure Managed Mode:
-
-```shell
-ory patch identity-config --project <project-id> --workspace <workspace-id> \
-  --replace '/selfservice/methods/captcha/enabled=true' \
-  --replace '/selfservice/methods/captcha/config/byo=false' \
-  --replace '/selfservice/methods/captcha/config/allowed_domains=["example.org", "foo.bar.dev"]'
-```
-
-Configure BYO Mode:
-
-```shell
-ory patch identity-config --project <project-id> --workspace <workspace-id> \
-  --replace '/selfservice/methods/captcha/enabled=true' \
-  --replace '/selfservice/methods/captcha/config/byo=true' \
-  --replace '/selfservice/methods/captcha/config/cf_turnstile/sitekey=your-site-key' \
-  --replace '/selfservice/methods/captcha/config/cf_turnstile/secret=your-secret-key'
-```
-
-```mdx-code-block
-</TabItem>
-</Tabs>
-```
@@ -0,0 +1,67 @@
+---
+id: CAPTCHA
+title: CAPTCHA challenge
+sidebar: CAPTCHA challenge in flows
+---
+
+import Tabs from "@theme/Tabs"
+import TabItem from "@theme/TabItem"
+
+Ory Identities supports protecting self-service flows with CAPTCHA challenges. This is useful to prevent credential stuffing,
+brute force and other automated attacks.
+
+### Prerequisites
+
+Before proceeding, ensure you are on a plan that supports this feature. If you need CAPTCHA support,
+[contact us](https://www.ory.com/contact).
+
+Supported CAPTCHA providers are:
+
+- [Cloudflare Turnstile](https://developers.cloudflare.com/turnstile)
+
+```mdx-code-block
+<Tabs groupId="console-or-api">
+<TabItem value="console" label="Ory Console">
+```
+
+1. Go to <ConsoleLink route="project.authentication" />.
+2. Toggle **CAPTCHA protection**.
+3. Choose your preferred configuration mode:
+   - **Managed**: Our standard, zero-setup integrated Cloudflare Turnstile widget.
+     - Add or remove domains from the **Allowed domains** list.
+     - You must define at least one valid domain.
+     - You can list up to 10 domains in total.
+   - **Bring Your Own Keys**: Connect your existing Cloudflare Turnstile account to view detailed security analytics directly
+     within your own Cloudflare dashboard.
+     - Enter your Turnstile **Site Key** and **Secret Key**.
+4. Click **Save**.
+5. Navigate to any protected self-service screen, for example the registration or login page, to test the CAPTCHA protection.
+
+```mdx-code-block
+</TabItem>
+<TabItem value="cli" label="Ory CLI">
+```
+
+Configure Managed Mode:
+
+```shell
+ory patch identity-config --project <project-id> --workspace <workspace-id> \
+  --replace '/selfservice/methods/captcha/enabled=true' \
+  --replace '/selfservice/methods/captcha/config/byo=false' \
+  --replace '/selfservice/methods/captcha/config/allowed_domains=["example.org", "foo.bar.dev"]'
+```
+
+Configure BYO Mode:
+
+```shell
+ory patch identity-config --project <project-id> --workspace <workspace-id> \
+  --replace '/selfservice/methods/captcha/enabled=true' \
+  --replace '/selfservice/methods/captcha/config/byo=true' \
+  --replace '/selfservice/methods/captcha/config/cf_turnstile/sitekey=your-site-key' \
+  --replace '/selfservice/methods/captcha/config/cf_turnstile/secret=your-secret-key'
+```
+
+```mdx-code-block
+</TabItem>
+</Tabs>
+```
@@ -382,6 +382,7 @@ const kratos: SidebarItemsConfig = [
           "kratos/self-service/flows/user-logout",
           "kratos/self-service/flows/user-settings",
           "kratos/self-service/flows/verify-email-account-activation",
+          "kratos/self-service/flows/CAPTCHA",
           "kratos/self-service/flows/account-recovery-password-reset",
           "kratos/self-service/flows/user-facing-errors",
         ],