Previous Next
External viewers
If you only need to give someone access to view or download data for a particular form, consider adding them as an external viewer. External viewers can be added directly to forms, without needing to create new user accounts or roles. See Sharing form data with external viewers to learn more.

If your user account permits you to administer users, you will see a Your users section at the bottom of the Configure tab of your server console. There, you can add, edit, or delete user accounts (otherwise known as "logins").

You control each user's level of access by setting their user role appropriately. This role governs exactly what the user is allowed to see and do within SurveyCTO, and you can learn all about user roles in Managing user roles.

If you yourself are logged in with a user account in the global Administrator role, then you will be able to see, edit, and delete all users, and you will be able to add new users in any user role. If you have some lesser level of access, then you will only be able to see users in roles strictly less than or equal in access to your own, and you will only be able to see or assign user roles that are less than or equal to your own; so if there is some user or role that can see or do something (anything) that you can't, then you won't be able to see that user or role.

All user accounts are identified by email addresses – except "Data collection only" users, who can be identified by either an email address or a non-email username. (Sometimes, non-email usernames are easier to create, give out, and configure on devices.)

If you create a user account with an email address, that user will be automatically sent a confirmation email with instructions on where and how to log in. When you create such an account, you can also decide whether to invite that user to set their own password or choose a password for them; if you choose a password, you can opt to include or not include that password in the email confirmation.

If you choose a password, be careful to choose something secure. And be especially careful to use strong passwords for all accounts with administrator or user-management privileges.

Enumerators vs. users
If you're creating logins for enumerators or other data-collection users who fill out forms, be sure to also see the Managing enumerators topic. Among other things, that discusses the distinction between users and enumerators.

Password expiration and complexity requirements

By default, your SurveyCTO server will enforce industry-standard password expiration and complexity requirements. You can (and should!) review these settings to make sure they satisfy your organization's security standards. If you want, you can set stringent requirements for everyone that logs in to your server console, but exclude data-collection-only users from having to meet those requirements (so that data-collection device management is a bit easier).

On the Configure tab of your server console, go to the Server settings section and click Login to view or edit your server's password requirements. Whenever you make a change to the requirements, all users will have to update their passwords in order to ensure compliance – so be sure to set your requirements early on, before you have too many users set up.

External authentication (single-sign-on)

Rather than setting user passwords directly in SurveyCTO, you can configure SurveyCTO to authenticate some or all users via an external authentication provider like Google, Okta, or Microsoft Azure Active Directory. For details, see Configuring external authentication.

See Keeping your data secure for a broader discussion of SurveyCTO data security, including a list of best practices.

Previous Next