Getting Started
User Roles and Permissions
Vilulia uses a role-based access model to control what each user can see and do within your organization. There are five customer-facing roles: tenant admin, mediator, arbitrator, case manager, and viewer. Each role has a specific set of permissions for creating cases, accessing AI tools, and managing the account.
What you'll learn
- What each role can and cannot do
- Which roles have access to AI tools
- How to assign the right role when inviting a team member
- How parties (clients) access their case information
Roles reference
| Role | Create cases | Manage billing | Invite users | AI tools access |
|---|---|---|---|---|
tenant_admin | Yes | Yes | Yes (all roles) | All AI tools (mediation + arbitration, subject to tier) |
mediator | Yes | No | No | Mediation AI only (on assigned cases) |
arbitrator | Yes | No | No | Arbitration AI only (on assigned cases) |
case_manager | Yes | No | No | Mediation AI: draft-agreement only (not priority-analysis) |
viewer | No | No | No | None |
Role notes
Tenant admin: Full organization administrator. Only admins can invite new team members, manage billing, access all cases regardless of assignment, and configure account-level settings including MFA policy, add-ons, and integrations.
Mediator: Manages mediation cases. Mediators have access to all mediation AI tools on cases they are assigned to. They cannot access arbitration AI tools.
Arbitrator: Manages arbitration cases. Arbitrators have access to all arbitration AI tools on cases they are assigned to. They cannot access mediation AI tools.
Case manager: Supports mediators. Case managers can create cases and generate draft settlement agreements, but cannot run priority analysis or access arbitration AI tools.
Viewer: Read-only access to cases and case data. Viewers cannot create or modify anything.
Settings and security access
All roles can access their own account security settings under Settings → Security. From there, any user can enroll in or disable MFA, change their password, view their login history, and manage active sessions. Actions that affect account security — such as enabling or disabling MFA and changing a password — require re-authentication and are blocked during admin impersonation sessions.
Tenant admins have additional settings pages for team management, billing, and feature configuration. Non-admin roles see only their personal security and profile settings.
Admin impersonation
Vilulia support staff with a system_admin or super_admin role can create time-limited impersonation sessions to assist with tenant support requests. Impersonation requires MFA verification, a stated reason, and an optional ticket reference. All actions taken during an impersonation session are attributed to the staff member in the audit log, not the tenant. Sensitive account changes (password, MFA enrollment) are blocked during impersonation sessions. Sessions expire after at most 4 hours.
Client and party access
Dispute parties (complainants and respondents) access their case information through a separate client portal at portal.vilulia.com. Parties do not create a Vilulia account or set a password. Access is granted via a magic link that encodes a 7-day JWT stored in sessionStorage. Each magic link is scoped to a single case — a party cannot navigate to other cases or the main Vilulia application. See Client Portal and Magic Links for details.
Related articles
Can't find what you're looking for? Contact Support