Last updated: July 8, 2025
Available with any of the following subscriptions, except where noted:
Use HubSpot's security health to review a list of security measures to understand how well-protected your HubSpot account is from security incidents. You can review key permission settings like Super Admin access, 2FA enrollment, inactive users, and partner access to help keep your account secure.
Before you get started
Before getting started with security health, please note the following:- To access security health and manage security settings, you must be a Super Admin or have Security Center access permissions.
- Super Admins will receive quarterly notifications if there are scoring measures that need review. The notification explains the importance of the security measures and directs you to Security Health to action recommendations. Learn how to opt-out of notifications.
Access security health
To access security health in your account:- In your HubSpot account, click the settings icon in the top navigation bar.
- In the left sidebar, in the Account Management section, click Security.
- Navigate to the Permissions tab.
- To resolve the security measures, click Manage next to the security measure that needs review. Follow the prompts to resolve the security action.
Security measures assessed
When reviewing your account's security health, the following security measures will be assessed:
- Inactive users: only users who need access to your HubSpot account should be able to access it. HubSpot considers users inactive if they haven't logged on in the past 90 days. Learn how to remove or deactivate users.
- Two-factor authentication: two-factor authentication (2FA) is the best way to protect your HubSpot account from unauthorized access. This is required for all Starter, Professional, and Enterprise accounts. If you're on a free account, learn how to require 2FA in your HubSpot account. The more users who use 2FA, the more your account is protected from unauthorized access.
- Critical permissions: knowing which users have critical permissions can help admins assess risk and get rid of critical access for users based on HubSpot's recommendations.
- Super Admins: a lower number of super admins ensures that the risk of users taking risky actions is reduced. Learn how to manage Super Admin permissions and determine if any can be removed.
- Partner users with Super Admin permissions: making Partner users super admins allows them to view and manage billing, add and delete users, and perform tasks that could add risk to your account. A lower number of super admins reduces security risks. Learn how to manage Partner user permissions and determine if any can be removed as super admin.
