diff --git a/src/backend/app/models/user.py b/src/backend/app/models/user.py
index 96d447e1..032c6a50 100644
--- a/src/backend/app/models/user.py
+++ b/src/backend/app/models/user.py
@@ -16,11 +16,6 @@ class UserCreate(SQLModel):
 
 
 class UserOut(SQLModel):
-    username: str = Field(index=True, unique=True)
-    email: str | None = Field(default=None, index=True, unique=True)
-
-
-class User(UserOut, table=True):
     id: UUID = Field(
         default=None,
         primary_key=True,
@@ -30,5 +25,9 @@ class User(UserOut, table=True):
             )
         },
     )
+    username: str = Field(index=True, unique=True)
+    email: str | None = Field(default=None, index=True, unique=True)
 
+
+class User(UserOut, table=True):
     password_hash: str = Field()
diff --git a/src/backend/app/routes/http/admin/user.py b/src/backend/app/routes/http/admin/user.py
index 02bf5de3..9c3c1c12 100644
--- a/src/backend/app/routes/http/admin/user.py
+++ b/src/backend/app/routes/http/admin/user.py
@@ -1,11 +1,25 @@
-from fastapi import APIRouter
+from uuid import UUID
 
-from app.deps import CurrentUser, SessionDep
-from app.models.user import UserOut, UserUpdate
+from fastapi import APIRouter, HTTPException
+from sqlmodel import select
+
+from app.deps import CurrentUser, PaginationDep, SessionDep
+from app.models.user import User, UserCreate, UserOut, UserUpdate
+from app.pagination import Page, paginate
+from app.security import get_password_hash
 
 router = APIRouter()
 
 
+@router.get("/users", response_model=Page[UserOut])
+async def get_users(
+    session: SessionDep,
+    _: CurrentUser,
+    pagination: PaginationDep,
+):
+    return await paginate(select(User), session, pagination)
+
+
 @router.patch("/user", response_model=UserOut)
 async def change_user(
     session: SessionDep,
@@ -18,3 +32,34 @@ async def change_user(
     await session.commit()
     await session.refresh(user)
     return user
+
+
+@router.post("/user", response_model=UserOut)
+async def create_user(
+    session: SessionDep,
+    user_in: UserCreate,
+    _: CurrentUser,
+):
+    user = User(
+        username=user_in.username,
+        email=user_in.email,
+        password_hash=get_password_hash(user_in.password),
+    )
+    session.add(user)
+    await session.commit()
+    await session.refresh(user)
+    return user
+
+
+@router.delete("/user/{user_id}", response_model=UserOut)
+async def delete_user(
+    session: SessionDep,
+    user_id: UUID,
+    _: CurrentUser,
+):
+    user = await session.get(User, user_id)
+    if not user:
+        raise HTTPException(status_code=404, detail="User not found")
+    await session.delete(user)
+    await session.commit()
+    return user
diff --git a/src/frontend/src/lib/consts/backend.ts b/src/frontend/src/lib/consts/backend.ts
index e6ffb623..e0870b99 100644
--- a/src/frontend/src/lib/consts/backend.ts
+++ b/src/frontend/src/lib/consts/backend.ts
@@ -65,6 +65,9 @@ export class Api {
 		return {
 			CONFIG: this.#url('admin/config'),
 			USER_UPDATE: this.#url('admin/user'),
+			USERS: this.#url('admin/users'),
+			USER_CREATE: this.#url('admin/user'),
+			USER_DELETE: (id: string) => this.#url(`admin/user/${id}`),
 			FILES: this.#url('admin/files'),
 			FILE_REVOKE: (id: string) => this.#url(`admin/files/${id}`)
 		};
diff --git a/src/frontend/src/lib/queries/admin_users.ts b/src/frontend/src/lib/queries/admin_users.ts
new file mode 100644
index 00000000..8ea25679
--- /dev/null
+++ b/src/frontend/src/lib/queries/admin_users.ts
@@ -0,0 +1,61 @@
+import { Api } from '#consts/backend';
+import { createQuery, useQueryClient } from '@tanstack/svelte-query';
+
+export const usersQueryKey = ['admin-users'];
+
+export const useUsersQuery = (page: () => number, size: number) => {
+	const queryClient = useQueryClient();
+
+	const users = createQuery(() => ({
+		queryKey: [...usersQueryKey, page()],
+		queryFn: async () => {
+			const res = await fetch(`${Api.ADMIN.USERS}?page=${page()}&size=${size}`, {
+				credentials: 'include'
+			});
+
+			if (!res.ok) {
+				throw new Error('Failed to fetch users');
+			}
+
+			return res.json();
+		}
+	}));
+
+	const createUser = async (user_in: any) => {
+		const res = await fetch(Api.ADMIN.USER_CREATE, {
+			method: 'POST',
+			headers: {
+				'Content-Type': 'application/json'
+			},
+			body: JSON.stringify(user_in),
+			credentials: 'include'
+		});
+
+		if (!res.ok) {
+			const error = await res.json().catch(() => ({}));
+			throw new Error(error.detail || 'Failed to create user');
+		}
+
+		const data = await res.json();
+		queryClient.invalidateQueries({ queryKey: usersQueryKey });
+		return data;
+	};
+
+	const deleteUser = async (user_id: string) => {
+		const res = await fetch(Api.ADMIN.USER_DELETE(user_id), {
+			method: 'DELETE',
+			credentials: 'include'
+		});
+
+		if (!res.ok) {
+			const error = await res.json().catch(() => ({}));
+			throw new Error(error.detail || 'Failed to delete user');
+		}
+
+		const data = await res.json();
+		queryClient.invalidateQueries({ queryKey: usersQueryKey });
+		return data;
+	};
+
+	return { users, createUser, deleteUser };
+};
diff --git a/src/frontend/src/lib/queries/files.ts b/src/frontend/src/lib/queries/files.ts
index 0293a40d..bc0bcd20 100644
--- a/src/frontend/src/lib/queries/files.ts
+++ b/src/frontend/src/lib/queries/files.ts
@@ -29,10 +29,12 @@ export type PaginatedFiles = {
 	};
 };
 
+const queryKey = ['admin-files'];
+
 export const useFilesQuery = (page: () => number = () => 1, pageSize: number = 20) => {
 	const queryClient = useQueryClient();
 	const query = createQuery(() => ({
-		queryKey: ['admin-files', page(), pageSize],
+		queryKey: [...queryKey, page(), pageSize],
 		queryFn: async () => {
 			const url = new URL(Api.ADMIN.FILES, window.location.origin);
 			url.searchParams.set('page', page().toString());
@@ -61,7 +63,7 @@ export const useFilesQuery = (page: () => number = () => 1, pageSize: number = 2
 		});
 
 		if (res.ok) {
-			await queryClient.invalidateQueries({ queryKey: ['admin-files'] });
+			await queryClient.invalidateQueries({ queryKey: [...queryKey] });
 		} else {
 			throw new Error('Failed to revoke file');
 		}
diff --git a/src/frontend/src/routes/(needs_onboarding)/(login_required)/admin/app-sidebar.svelte b/src/frontend/src/routes/(needs_onboarding)/(login_required)/admin/app-sidebar.svelte
index 30e7edee..f1c5ac34 100644
--- a/src/frontend/src/routes/(needs_onboarding)/(login_required)/admin/app-sidebar.svelte
+++ b/src/frontend/src/routes/(needs_onboarding)/(login_required)/admin/app-sidebar.svelte
@@ -1,6 +1,6 @@
 <script lang="ts">
 	import * as Sidebar from '$lib/components/ui/sidebar/index';
-	import { Settings, UserPen, Link } from '@lucide/svelte';
+	import { Settings, UserPen, Link, Users } from '@lucide/svelte';
 	import favicon from '$lib/assets/logo.svg';
 	const items = [
 		{
@@ -17,6 +17,11 @@
 			title: 'Outstanding Urls',
 			url: '/admin/urls',
 			icon: Link
+		},
+		{
+			title: 'Users',
+			url: '/admin/users',
+			icon: Users
 		}
 	];
 </script>
diff --git a/src/frontend/src/routes/(needs_onboarding)/(login_required)/admin/users/+page.svelte b/src/frontend/src/routes/(needs_onboarding)/(login_required)/admin/users/+page.svelte
new file mode 100644
index 00000000..d745079e
--- /dev/null
+++ b/src/frontend/src/routes/(needs_onboarding)/(login_required)/admin/users/+page.svelte
@@ -0,0 +1,131 @@
+<script lang="ts">
+	import { useAuth } from '#queries/auth';
+	import { useUsersQuery } from '#queries/admin_users';
+	import * as Table from '$lib/components/ui/table';
+	import * as Card from '$lib/components/ui/card';
+	import * as Pagination from '$lib/components/ui/pagination';
+	import { Button } from '$lib/components/ui/button';
+	import { Trash2, UserPlus } from 'lucide-svelte';
+	import { toast } from 'svelte-sonner';
+	import CreateUserDialog from './create_user_dialog.svelte';
+	import DeleteUserDialog from './delete_user_dialog.svelte';
+
+	let currentPage = $state(1);
+	const pageSize = 20;
+
+	const { user } = useAuth();
+	const { users } = useUsersQuery(() => currentPage, pageSize);
+
+	let isCreateDialogOpen = $state(false);
+	let isDeleteDialogOpen = $state(false);
+	let userToDelete = $state<string | null>(null);
+
+	let totalItems = $derived(users.data?.total_items ?? 0);
+
+	function requestDelete(userId: string) {
+		if (userId === user.data?.id) {
+			toast.error('Cannot delete yourself.');
+			return;
+		}
+		userToDelete = userId;
+		isDeleteDialogOpen = true;
+	}
+</script>
+
+<div class="flex items-center justify-between space-y-2 pb-6">
+	<div>
+		<h2 class="text-3xl font-bold tracking-tight">Users</h2>
+		<p class="text-muted-foreground">Manage system users.</p>
+	</div>
+
+	<div>
+		<Button onclick={() => (isCreateDialogOpen = true)}>
+			<UserPlus class="mr-2 h-4 w-4" />
+			Create User
+		</Button>
+	</div>
+</div>
+
+<Card.Root>
+	<Card.Content class="p-0">
+		<Table.Root>
+			<Table.Header>
+				<Table.Row>
+					<Table.Head>Username</Table.Head>
+					<Table.Head>Email</Table.Head>
+					<Table.Head class="text-right">Actions</Table.Head>
+				</Table.Row>
+			</Table.Header>
+			<Table.Body>
+				{#if users.isLoading}
+					<Table.Row>
+						<Table.Cell colspan={3} class="py-8 text-center text-muted-foreground">
+							Loading users...
+						</Table.Cell>
+					</Table.Row>
+				{:else if users.error}
+					<Table.Row>
+						<Table.Cell colspan={3} class="py-8 text-center text-muted-foreground">
+							Failed to load users: {users.error.message}
+						</Table.Cell>
+					</Table.Row>
+				{:else if !users.data?.items || users.data.items.length === 0}
+					<Table.Row>
+						<Table.Cell colspan={3} class="py-8 text-center text-muted-foreground">
+							No users found.
+						</Table.Cell>
+					</Table.Row>
+				{:else}
+					{#each users.data.items as u}
+						<Table.Row>
+							<Table.Cell>{u.username}</Table.Cell>
+							<Table.Cell>{u.email || '-'}</Table.Cell>
+							<Table.Cell class="text-right">
+								<Button
+									variant="ghost"
+									size="icon"
+									disabled={u.id === user.data?.id}
+									onclick={() => requestDelete(u.id)}
+								>
+									<Trash2 class="h-4 w-4 cursor-pointer text-destructive" />
+								</Button>
+							</Table.Cell>
+						</Table.Row>
+					{/each}
+				{/if}
+			</Table.Body>
+		</Table.Root>
+	</Card.Content>
+</Card.Root>
+
+<div class="flex items-center justify-end py-4">
+	<Pagination.Root count={totalItems} perPage={pageSize} bind:page={currentPage}>
+		{#snippet children({ pages, currentPage })}
+			<Pagination.Content>
+				<Pagination.Item>
+					<Pagination.PrevButton />
+				</Pagination.Item>
+				{#each pages as page (page.key)}
+					{#if page.type === 'ellipsis'}
+						<Pagination.Item>
+							<Pagination.Ellipsis />
+						</Pagination.Item>
+					{:else}
+						<Pagination.Item>
+							<Pagination.Link {page} isActive={currentPage === page.value}>
+								{page.value}
+							</Pagination.Link>
+						</Pagination.Item>
+					{/if}
+				{/each}
+				<Pagination.Item>
+					<Pagination.NextButton />
+				</Pagination.Item>
+			</Pagination.Content>
+		{/snippet}
+	</Pagination.Root>
+</div>
+
+<CreateUserDialog bind:open={isCreateDialogOpen} />
+
+<DeleteUserDialog bind:open={isDeleteDialogOpen} bind:userId={userToDelete} />
diff --git a/src/frontend/src/routes/(needs_onboarding)/(login_required)/admin/users/create_user_dialog.svelte b/src/frontend/src/routes/(needs_onboarding)/(login_required)/admin/users/create_user_dialog.svelte
new file mode 100644
index 00000000..e88e5509
--- /dev/null
+++ b/src/frontend/src/routes/(needs_onboarding)/(login_required)/admin/users/create_user_dialog.svelte
@@ -0,0 +1,189 @@
+<script module lang="ts">
+	import { z } from 'zod';
+	export const schema = z.object({
+		username: z.string().min(2, 'Username must be at least 2 characters').max(50),
+		email: z.email('Invalid email address').optional().or(z.literal('')),
+		password: z
+			.string()
+			.min(8, 'Password must be at least 8 characters')
+			.regex(/[0-9]/, 'Password must contain at least one number')
+			.regex(/[!@#$%^&*(),.?":{}|<>]/, 'Password must contain at least one special character')
+	});
+</script>
+
+<script lang="ts">
+	import * as Dialog from '$lib/components/ui/dialog';
+	import * as Form from '$lib/components/ui/form/index';
+	import { Input } from '$lib/components/ui/input';
+	import { Button } from '$lib/components/ui/button';
+	import { useUsersQuery } from '#queries/admin_users';
+	import { toast } from 'svelte-sonner';
+	import { superForm, defaults } from 'sveltekit-superforms';
+	import { zod4, zod4Client } from 'sveltekit-superforms/adapters';
+	import { User, Mail, Lock, LoaderCircle, UserPlus, Eye, EyeOff } from 'lucide-svelte';
+
+	let { open = $bindable(false) } = $props<{ open: boolean }>();
+
+	const { createUser } = useUsersQuery(() => 1, 20);
+
+	const form = superForm(defaults(zod4(schema)), {
+		SPA: true,
+		validators: zod4Client(schema),
+		onUpdate: async ({ form: f }) => {
+			if (f.valid) {
+				try {
+					await createUser({
+						username: f.data.username,
+						email: f.data.email || null,
+						password: f.data.password
+					});
+					toast.success('User created successfully.');
+					open = false;
+					form.reset();
+				} catch (e: any) {
+					toast.error(e.message || 'Failed to create user.');
+				}
+			} else {
+				toast.error('Please fix the errors in the form.');
+			}
+		}
+	});
+
+	const { form: formData, enhance, submitting } = form;
+
+	let showPassword = $state(false);
+	const isPasswordEmpty = $derived($formData.password.length === 0);
+
+	$effect(() => {
+		if (isPasswordEmpty) {
+			showPassword = false;
+		}
+	});
+</script>
+
+<Dialog.Root bind:open>
+	<Dialog.Content class="sm:max-w-106.25">
+		<Dialog.Header class="space-y-3 pb-4 text-center sm:text-left">
+			<div
+				class="mx-auto flex h-12 w-12 items-center justify-center rounded-xl border border-primary/20 bg-primary/10 text-primary sm:mx-0"
+			>
+				<UserPlus class="size-6" />
+			</div>
+			<div class="space-y-1">
+				<Dialog.Title class="text-xl font-semibold">Create User</Dialog.Title>
+				<Dialog.Description>
+					Add a new user to the system. Provide an email if you want.
+				</Dialog.Description>
+			</div>
+		</Dialog.Header>
+
+		<form use:enhance method="POST" class="grid gap-5">
+			<Form.Field {form} name="username">
+				<Form.Control>
+					{#snippet children({ props })}
+						<Form.Label class="ml-1 text-sm font-medium">Username</Form.Label>
+						<div class="group relative">
+							<div
+								class="absolute inset-y-0 left-3 flex items-center text-muted-foreground transition-colors group-focus-within:text-primary"
+							>
+								<User class="size-4" />
+							</div>
+							<Input
+								{...props}
+								bind:value={$formData.username}
+								placeholder="Pick a unique username"
+								class="h-11 border-border bg-background/50 pl-10 transition-all focus-visible:ring-primary/40"
+								required
+							/>
+						</div>
+					{/snippet}
+				</Form.Control>
+				<Form.FieldErrors />
+			</Form.Field>
+
+			<Form.Field {form} name="email">
+				<Form.Control>
+					{#snippet children({ props })}
+						<Form.Label class="ml-1 text-sm font-medium">Email</Form.Label>
+						<div class="group relative">
+							<div
+								class="absolute inset-y-0 left-3 flex items-center text-muted-foreground transition-colors group-focus-within:text-primary"
+							>
+								<Mail class="size-4" />
+							</div>
+							<Input
+								{...props}
+								type="email"
+								bind:value={$formData.email}
+								placeholder="name@example.com (optional)"
+								class="h-11 border-border bg-background/50 pl-10 transition-all focus-visible:ring-primary/40"
+							/>
+						</div>
+					{/snippet}
+				</Form.Control>
+				<Form.FieldErrors />
+			</Form.Field>
+
+			<Form.Field {form} name="password">
+				<Form.Control>
+					{#snippet children({ props })}
+						<Form.Label class="ml-1 text-sm font-medium">Password</Form.Label>
+						<div class="group relative">
+							<div
+								class="absolute inset-y-0 left-3 flex items-center text-muted-foreground transition-colors group-focus-within:text-primary"
+							>
+								<Lock class="size-4" />
+							</div>
+							<Input
+								{...props}
+								type={showPassword ? 'text' : 'password'}
+								bind:value={$formData.password}
+								placeholder="Min. 8 chars, with number & symbol"
+								class="h-11 border-border bg-background/50 px-10 transition-all focus-visible:ring-primary/40"
+								required
+							/>
+
+							<Button
+								variant="ghost"
+								size="icon"
+								type="button"
+								onclick={() => (showPassword = !showPassword)}
+								disabled={isPasswordEmpty}
+								class={[
+									'absolute top-0.5 right-0.5 h-10 w-10 text-muted-foreground transition-all duration-200',
+									isPasswordEmpty && 'pointer-events-none scale-90 opacity-0',
+									!isPasswordEmpty &&
+										'scale-100 opacity-100 hover:bg-transparent hover:text-foreground'
+								]}
+							>
+								{#if showPassword}
+									<EyeOff class="size-4" />
+								{:else}
+									<Eye class="size-4" />
+								{/if}
+							</Button>
+						</div>
+					{/snippet}
+				</Form.Control>
+				<Form.FieldErrors />
+			</Form.Field>
+
+			<Dialog.Footer class="pt-2">
+				<Button type="button" variant="ghost" onclick={() => (open = false)} class="h-11">
+					Cancel
+				</Button>
+				<Form.Button
+					disabled={$submitting}
+					class="h-11 px-8 font-semibold shadow-lg shadow-primary/20 transition-all hover:brightness-105 active:scale-[0.98] disabled:opacity-70"
+				>
+					{#if $submitting}
+						<LoaderCircle class="mr-2 size-4 animate-spin" />
+						Creating...
+					{:else}
+						Create User
+					{/if}
+				</Form.Button>
+			</Dialog.Footer>
+		</form>
+	</Dialog.Content>
+</Dialog.Root>
diff --git a/src/frontend/src/routes/(needs_onboarding)/(login_required)/admin/users/delete_user_dialog.svelte b/src/frontend/src/routes/(needs_onboarding)/(login_required)/admin/users/delete_user_dialog.svelte
new file mode 100644
index 00000000..4f1a4a25
--- /dev/null
+++ b/src/frontend/src/routes/(needs_onboarding)/(login_required)/admin/users/delete_user_dialog.svelte
@@ -0,0 +1,49 @@
+<script lang="ts">
+	import * as Dialog from '$lib/components/ui/dialog';
+	import { Button } from '$lib/components/ui/button';
+	import { useUsersQuery } from '#queries/admin_users';
+	import { toast } from 'svelte-sonner';
+
+	let {
+		open = $bindable(false),
+		userId = $bindable(null)
+	} = $props<{
+		open: boolean;
+		userId: string | null;
+	}>();
+
+	const { deleteUser } = useUsersQuery(() => 1, 20);
+	let isDeleting = $state(false);
+
+	async function handleDelete() {
+		if (!userId) return;
+		isDeleting = true;
+		try {
+			await deleteUser(userId);
+			toast.success('User deleted successfully.');
+			open = false;
+			userId = null;
+		} catch (e: any) {
+			toast.error(e.message || 'Failed to delete user.');
+		} finally {
+			isDeleting = false;
+		}
+	}
+</script>
+
+<Dialog.Root bind:open>
+	<Dialog.Content>
+		<Dialog.Header>
+			<Dialog.Title>Are you absolutely sure?</Dialog.Title>
+			<Dialog.Description>
+				This action cannot be undone. This will permanently delete the user account.
+			</Dialog.Description>
+		</Dialog.Header>
+		<Dialog.Footer>
+			<Button variant="outline" onclick={() => (open = false)}>Cancel</Button>
+			<Button variant="destructive" disabled={isDeleting} onclick={handleDelete}>
+				{isDeleting ? 'Deleting...' : 'Delete User'}
+			</Button>
+		</Dialog.Footer>
+	</Dialog.Content>
+</Dialog.Root>