Large deployments run more than one Access Gate: one per plant, one per region, one per tenant. Cross-site entity sharing lets those gates exchange users, assets, and enclave policy so an operator configures an entity once and it reaches every gate that needs it.
What Can Be Shared
| Entity | Use case |
|---|---|
| Users and groups | A contractor or engineer that works across multiple sites |
| Assets | A central asset registry pushed down to the gates that host them |
Only the fields you mark as shareable cross a site boundary. Site-local fields (IP addresses, hardware serials, local overrides) stay local.
How Sharing Works
Each gate keeps its own database and remains autonomous. Sharing is additive: entities are pushed between gates over a signed channel, and each side decides whether to accept them.
┌────────────┐ push ┌────────────┐
│ Site A │ ───────────▶ │ Site B │
│ Access │ │ Access │
│ Gate │ ◀─────────── │ Gate │
└────────────┘ push └────────────┘
If a site goes offline, the others keep operating with the last-accepted state. When the site comes back, it catches up from where it left off.
Set Up a Sharing Link
Connect two sites
- On Site A, navigate to Settings → Fabric → Configure.
- Enter the IP information as well as potential encryption key.
- Then head to Sites -> Add Site.
- Enter a name for your new site.
- The link appears as healthy on both gates once the handshake completes.
The channel uses mutual TLS — no shared secret, no flat trust between gates.
Publish entities from Site A to Site B
- Open the entity (user, asset, enclave template).
- Click Share → pick the target site(s).
- Set whether the remote side can modify the entity or only read it.
- Save.
Share status is visible on the entity: a badge shows where it is published and the last sync time.
Conflict Handling
Cross-site sharing can hit conflicts: two sites edit the same user, a group membership changes on both sides, an asset is renamed locally. Access Gate surfaces these in Settings → Sites → Conflicts and asks an operator to pick a winner — rather than silently clobbering one side.
Audit Trail Across Sites
Every share push and accept is logged in the site's change history with the operator, target, and timestamps. When you export logs via log forwarding, cross-site events are tagged so your SIEM can correlate activity across sites.