Practice Dashboard security changes
This article explains the security changes that are coming soon to the Practice Dashboard.
In the coming months, we’ll be enabling the new login check by default, introducing four flexible roles for account managers and adding a new practice security centre page.
Here’s what’s changing.
New login check enabled by default
In November 2025, we introduced the new login check for those not already using our two-factor authentication (2FA). It provides an easy way to prevent unauthorised logins to your dashboard and meet modern security and GDPR standards.
When enabled, if you log in to your dashboard from a device that isn't already known, or log in after clearing cookies, you'll be sent a verification code to your email address that you'll need to enter to verify your account. Read more on how the new login check will work once enabled.
You currently need to activate email login checks on your dashboard as they aren’t activated by default. But in the coming months, they’ll be turned on by default as a crucial part of protecting your practice’s and customers’ data from unauthorised access, fraud and abuse.
Please speak to your Account Manager in FreeAgent if you want the new login check to be disabled after it’s been turned on by default. However, disabling the new login check will leave your dashboard at increased risk of unauthorised access and account takeover as most security breaches occur on accounts without this protection.
The new login check will also be turned on by default for your clients. FreeAgent account owners and users with full access will soon be able to set it as ‘optional’ for other users, which would allow them to disable it, or as ‘active’, which would mean they cannot disable it.
New account manager roles
Account managers within the Practice Dashboard are currently limited to either ‘Senior’ or ‘Non-senior’ roles. To provide you with more precise control over your data and team access, we’re refining these roles. This will ensure that administrative power is distributed more securely, preventing over-reliance on a single account type for critical dashboard features, like user management.
Therefore, we’re upgrading the Practice Dashboard by introducing four flexible roles in the coming months tailored to how your team works, giving you more control and better security. This protects your practice from account takeovers by restricting high-risk settings to designated ‘Admins’, while ensuring your team still has all the access they need to manage clients effectively.
The new roles will be:
- ‘Admin’ - replacing the existing ‘Senior’ role, allowing full access to all areas of the dashboard. This will be the only role that has the permission to add, edit or delete account managers and manage specific practice settings (practice details and client communication preferences).
- ‘Comprehensive’ - similar permissions to the ‘Admin’ role, but won’t have the permission to add/edit/delete account managers and manage specific practice settings (practice details and client communication preferences).
- ‘Standard’ - replacing the existing ‘Non-senior’ role.
- ‘Limited’ - will have the lowest level of permissions. Account managers with this role will be able to access clients that are assigned to them or are part of the same group, and to prepare payroll in bulk but not file payroll.
Existing senior account managers will be automatically changed to an ‘Admin’ role and existing non-senior account managers will be automatically changed to a ‘Standard’ role. Please note that this will change the name of their current roles only, not their permissions, as the permissions for the new roles are the same as the previous ones. This will ensure that all account managers retain their current access levels when these changes go live, allowing your practice to continue working exactly as you do today.
However, you’ll be able to adjust the roles for each account manager accordingly to suit the work they’ll be carrying out. You’ll also be able to assign new roles in bulk.
New practice security centre
We’ll be adding a new ‘Practice security centre’ page to the Practice Dashboard, designed to help you understand and improve your security position. From here, you’ll be able to review admin access and adjust the roles for each account manager accordingly to suit the work they’ll be carrying out.
The security centre will also:
- highlight two-factor authentication (2FA) adoption from account managers
- identify inactive users
- identify inactive API connections
This will give your practice the flexibility and confidence to protect your practice and your clients’ data.