How to run multiple teams or clients on one VICIdial with users and groups

If you run a call center, you rarely have just one team. You might have a daytime crew and a night crew, an outbound team and an inbound team, or several clients whose calls you handle under one roof. The good news is that you do not need a separate dialer for each one. A single VICIdial install can carry many teams or clients side by side, and the two tools that make this work are users and user groups. This guide walks through both from the ground up, then shows how to combine them into soft separation that keeps each team in its own lane.

What users and user groups actually are

A user is one login. Every person who touches the system, from a phone-answering Agent to a floor supervisor to the owner, has their own user record with a User ID, a password, a full name, and a User Level. Agents log in with that record to start an Agent session and take calls; managers log in with theirs to open the admin screens.

A User group is a bucket you drop users into. On its own a user record controls what one person can do; a user group controls what a whole set of people can see and reach. That is the distinction that makes multi-team work possible: you write the rules once on the group, then assign people to it. When a new hire joins the night crew, you set their group and they inherit the night crew's campaigns, viewable agents, and report scope automatically.

Why this matters when you share one dialer

VICIdial is Single tenant software: one install, one database, shared by everyone who logs in. There is no built-in wall between Client A and Client B the way a true multi-tenant platform would give you. What you get instead is soft separation, built from user groups. Done carefully, each team logs in and sees only their own campaigns, only their own agents in the transfer list, and only their own numbers in reports. They never know the other teams exist. Done carelessly, a night-shift agent can transfer a call to a daytime agent on a different client's account, and a junior manager can pull a report covering every campaign on the box. The rest of this guide is about getting the careful version.

Creating users

Everything starts in the Users section of the admin screen. Click ADD A NEW USER and fill in the User ID, password, full name, and User Level, then pick the User Group the person belongs to. Those few fields are the whole foundation. We have a step-by-step walkthrough of the screen and every field on it in how to add a VICIdial user.

You will not build out a roster one blank form at a time. When several people share the same level, group, and settings, the fastest path is to make one user exactly right and clone it; the Copy A User screen asks only for a new User ID, password, and full name and pulls everything else from a source user. Walk through it in how to copy a VICIdial user. To change someone later, open their record from the Users list; the full field-by-field tour is in how to modify a VICIdial user. On a busy box the roster gets long, so SEARCH FOR A USER lets you find people by name or partial name, User ID, user level, or group, which is covered in how to search for a VICIdial user. When a person leaves, the safe move is usually to set their record inactive rather than delete it, because removing a user is a deliberate two-step confirmation and erases history; see how to delete a VICIdial user before you do it.

User levels 1 to 9

Every user has a User Level from 1 to 9. Think of it as a coarse seniority dial that sits on top of the fine-grained permission switches. A level 1 user is a plain agent who logs in and takes calls. The middle levels are for team leads and supervisors. Levels 8 and 9 are the administrators, and a handful of powerful settings only apply to them at all. Two examples that come up constantly: a user must be User Level 7 or higher before the View Reports permission does anything, and the Delete Users permission only lets someone delete other users of equal or lesser user level, so a level 7 manager can never delete a level 9 owner. There are also level-9-only settings such as Modify Same User Level, which decides whether a level 9 user can edit themselves and other level 9 users.

Getting the level right is half the battle, because picking it too high hands someone reach across teams they should never have. We break down what each rung means and where the cutoffs bite in VICIdial user levels explained.

The permission matrix

Below the User Level, the modify-user screen carries a long list of admin and agent interface options. These are the individual permission switches, most of them a simple 0 for off or 1 for on. This is where you decide, for one person, exactly which parts of the system respond to them. The full grid of switches, what each one unlocks, and how they interact with user level is laid out in the VICIdial user permission matrix explained. A few of these switches matter so much for multi-team setups that they each have their own deep dive:

• Modify Users lets someone edit other people's records. Hand it out only to people who should be shaping a team, and read the Modify Users permission guide first.
• The various Delete switches are the most dangerous, because deletions are permanent and removing a user erases history. The delete permissions guide covers who should hold them.
• View Reports and Export Reports decide who can read the numbers and who can pull them off the box. Both are central to client isolation, covered in the View Reports permission guide and the Export Reports permission guide.
• Load Leads and Modify Leads control who can push new Lead data in and edit it. The lead-handling switches are explained in the Load Leads permission guide and the Modify Leads permission levels guide.
• GDPR-Compliant Export Delete Leads lets a user download or erase all of one customer's data on request, which you may need when you handle EU clients; see the GDPR export and delete permission guide.

One quiet but important detail: a user's reach over leads is normally scoped to the campaigns allowed by their group. To let someone modify leads across the entire system, they must belong to a group that has ALL CAMPAIGNS selected in Allowed Campaigns. That single rule is what keeps a client's manager from touching another client's records, and it is why the group, not the user, is where multi-team separation really lives.

User groups: the real separation layer

Create groups in the User Groups section with ADD USER GROUP. Each group needs a short User Group ID, between 2 and 20 characters with no spaces, and a description of up to 40 characters. Give each team or client its own group: NIGHTCREW, ACME_INBOUND, CLIENTB_SALES, whatever reads clearly. Then open the Modify User Group screen, where the settings that follow do the heavy lifting.

Allowed Campaigns and ingroups

Allowed Campaigns is a selectable list of the Campaign entries that members of this group can log in to. This is the most important setting for separation. Select only this team's campaigns and leave ALL-CAMPAIGNS unchecked, and members simply cannot log in to anything that belongs to another team. For inbound work, you assign each Ingroup (the queue an inbound call lands in) on a per-agent basis, and the user group screen even has an Add Or Remove In-Group action that applies an ingroup to every active user in the group in one click instead of touching them one at a time.

Who agents can see and transfer to

Agent Status Viewable Groups decides which other groups a member can see in their agent sidebar and transfer calls to. Leave it on ALL-GROUPS and your night crew can see and warm-transfer to a daytime client's agents, which breaks separation instantly. Set it to CAMPAIGN-AGENTS, and a member sees only people in the campaign they are logged into. Or list the specific groups they are allowed to reach. Agent Allowed Chat Groups works the same way for the internal chat feature. These two settings are what stop one client's calls from ever landing on another client's agent.

Report and territory isolation

Groups also fence off the numbers. For users at level 7 or higher, Allowed Reports restricts which reports they can open at all, and Allowed Queue Groups limits which Queue Groups, named bundles of campaigns and inbound groups used by some reports, they can see inside those reports. Build one Queue Group per client and grant each manager only their own, and a manager opening a report sees their client's traffic and nothing else. Allowed User Groups goes further still: it controls which groups a member can view and possibly edit across almost every admin screen, from inbound DIDs to phones to voicemail boxes. Leaving it at --ALL-- opens the whole box; listing only the manager's own group keeps their administrative view boxed in. The same admin-user-group scoping appears on many records elsewhere in the system, where an Admin User Group field restricts who can view that record.

Shifts, IP whitelists, and access controls

User groups carry a few more separation tools. Force Timeclock Login and Shift Enforcement tie group members to the Timeclock and to the Group Shifts you select, so a night crew literally cannot log in outside its hours (with an option to exempt admin levels 8 and 9). The Admin, Agent, and API IP Whitelists let you restrict each kind of access to specific IP addresses per group, which is useful when one client's staff work from a fixed office while another's work from home. These run after login, so a specific user can be set to ignore them while the rest of the group stays locked down.

Group-based reporting

Because groups bundle people, they also give you reporting that is already split by team. The Group Hourly Report, reached from the GROUP HOURLY link in the User Groups section, asks you to pick a user group, a disposition status, and a date and hour, then lists every agent in that group with the calls they took, how many matched the status you chose, and a running total for the day. It is the fastest way to see one team's hour at a glance without sifting through everyone else's traffic. When a whole team needs to move, the Bulk Group Change page reassigns every member of one group to another, or moves all non-admin users at once, so reorganizing a roster is one action rather than dozens of edits.

How it all decides what someone can see

Put the pieces together and access is the result of three layers stacked on top of each other: the user's level sets the coarse ceiling, their group sets the campaigns, viewable agents, and report scope, and the individual permission switches turn specific actions on or off. A request to do something has to clear all three. The flow below shows the order in which the system makes that decision.

flowchart TD
  A[User logs in] --> B[Check user level 1 to 9]
  B --> C[Apply user group settings]
  C --> D[Allowed Campaigns and ingroups]
  C --> E[Viewable groups and transfer targets]
  C --> F[Allowed reports and queue groups]
  D --> G[Check permission switches]
  E --> G
  F --> G
  G --> H[Allowed actions for this user]
  G --> I[Blocked outside this team]

A practical multi-client recipe

To set up two clients cleanly on one box, do this for each one. Create a user group with the client's name and a clear ID. In that group, select only the client's campaigns under Allowed Campaigns, set Agent Status Viewable Groups to CAMPAIGN-AGENTS so agents never see the other client, build a Queue Group of the client's campaigns and ingroups and grant it under Allowed Queue Groups, and set Allowed User Groups to just that group. Then create the client's agents at level 1 and their manager at level 7 or higher, assign them to the group, and switch on only the permissions that role needs. Repeat for the second client. Each side now logs in, dials, transfers, and reports inside its own walls, on shared hardware, with nothing leaking across.

This is soft separation, not a hard wall, so it is worth saying plainly: a misconfigured group can still leak. The protection is only as good as your Allowed Campaigns, viewable groups, and report scoping. Audit them whenever you add a client. If your teams or clients have genuinely conflicting requirements, or one needs root-level isolation for compliance, a separate box per client is the stronger answer, and on managed hosting that is a quick provision rather than a project. You can compare a shared multi-team box against a box per client on our pricing page.

Keeping it tidy over time

Users and groups drift if you let them. A few habits keep multi-team setups healthy. Name groups so the team or client is obvious at a glance. Clone users from a known-good template rather than rebuilding settings by hand, so new people inherit the right scope every time. Grant the lowest user level and the fewest permission switches that let someone do their job, and add more only when they hit a wall. Review Allowed Campaigns and viewable groups whenever you onboard a client, since one stray checkbox is all it takes to cross a line. And when someone leaves, set them inactive before you ever consider deleting, so their call history stays intact. Get these right and one VICIdial comfortably carries many teams without anyone stepping on anyone else.

If you would rather skip the server setup entirely and start placing your teams into groups on a box that is already running, VICIfast provisions a secure, dedicated VICIdial in under a minute. See plans and what is included on our pricing page, then build your users and groups while the dialer is still warm.