
If your user account permits you to administer users, you will see a Your users section at the bottom of the Configure tab of your server console. There, you can add, edit, or delete user accounts.

You control each user's level of access by setting their user role appropriately. This role governs exactly what the user is allowed to see and do within SurveyCTO, and you can learn all about user roles in Managing user roles.

If you are logged in with a user account in the global Administrator role, you can see, edit, and delete all users, and you can add new users in any user role. If you have a lesser level of access, you can only see users whose roles are less than or equal in access to your own, and you can only see or assign user roles that are less than or equal to your own. In other words, if some user or role can see or do something (anything) that you can't, then you won't be able to see that user or role.
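The visibility rule above can be modeled as a subset check on permissions. The following is an added illustration, not SurveyCTO code: the permission names, the "Form designer" and "Data exporter" roles, and the sample accounts are hypothetical. It shows that two roles which each hold a permission the other lacks cannot see each other.

```python
# Constructed model of the visibility rule; permission and role names below
# are hypothetical, not SurveyCTO's actual role definitions.
ROLES = {
    "Administrator": frozenset(
        {"manage_users", "design_forms", "export_data", "collect_data"}
    ),
    "Form designer": frozenset({"design_forms", "collect_data"}),
    "Data exporter": frozenset({"export_data", "collect_data"}),
    "Data collection only": frozenset({"collect_data"}),
}

# Constructed sample accounts (username -> role).
USERS = {
    "admin@example.org": "Administrator",
    "designer@example.org": "Form designer",
    "analyst@example.org": "Data exporter",
    "tablet-07": "Data collection only",
}


def role_within(target_role, viewer_role, roles=ROLES):
    """True when target_role grants nothing that viewer_role lacks."""
    return roles[target_role] <= roles[viewer_role]


def assignable_roles(viewer_role, roles=ROLES):
    """Roles a user in viewer_role may see or assign to others."""
    return sorted(r for r in roles if role_within(r, viewer_role, roles))


def visible_users(viewer, users=USERS, roles=ROLES):
    """Accounts the viewer may see: those whose role is within the viewer's."""
    viewer_role = users[viewer]
    return sorted(
        u for u, r in users.items() if role_within(r, viewer_role, roles)
    )


if __name__ == "__main__":
    for viewer in USERS:
        print(viewer, "->", visible_users(viewer))
```
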

All user accounts are identified by email addresses – except "Data collection only" users, who can be identified by either an email address or a non-email username. (Sometimes, non-email usernames are easier to create, give out, and configure on devices.)

If you create a user account with an email address, that user will automatically be sent a confirmation email with instructions on where and how to log in. When you create such an account, you can also decide whether to invite that user to set their own password or to choose a password for them; if you choose a password, you can opt to include or not include that password in the confirmation email.

If you choose a password, be careful to choose something secure. And be especially careful to use strong passwords for all accounts with administrator or user-management privileges.

Password expiration and complexity requirements

You can (and should!) configure your SurveyCTO server to periodically expire users' passwords and require them to meet certain minimum requirements. For example, you can expire passwords every 90 days and require them to include uppercase letters and special characters (like punctuation or symbols like # or @). If you want, you can set stringent requirements and exclude data-collection-only users from having to meet them (so that data-collection device management is a bit easier).

On the Configure tab of your server console, go to the Server settings section and click Login to view or edit your server's password requirements. Whenever you make a change to the requirements, all users will have to update their passwords in order to ensure compliance – so be sure to set your requirements early on, before you have too many users set up.

External authentication (single-sign-on)

Rather than setting user passwords directly in SurveyCTO, you can configure SurveyCTO to authenticate some or all users via an external authentication provider like Google, Okta, or Microsoft Azure Active Directory. For details, see Configuring external authentication.
