Managing multiple SGEN sites
If your organization runs more than one SGEN site, the daily operating rhythm changes. You are not authoring on one site — you are keeping a portfolio healthy. This guide covers the patterns that scale from 2 sites to 20 or more: consistent naming, a shared brand library, unified security policy, and cross-site reporting from one view.
Things that should be consistent across every site — user identities, security policy, brand assets — live at the org level. Things that are site-specific — content, Custom Codes, page structure — live at the site level. Mixing the two is what creates management overhead at scale.
Ad-hoc coordination works fine at 2 sites. It breaks down around 8 and produces wrong outcomes by 12. Org-level discipline is the only model that scales with portfolio size.
All sites online with recent backups, a clean user roster, uniform security policy, and consistent brand — all checked in one short monthly sweep.
What is this for?
The multi-site management surface gives Platform Admins a single view across every site in their organization's portfolio. From the org-level dashboard, you can monitor health and activity across all sites, manage users at the org level, enforce consistent security policies, and review cross-site billing — without switching between individual site admin panels.
The key principle: things that should be consistent across all sites (user identities, security policies, brand assets) live at the org level. Things that are site-specific (content, Custom Codes, page structure) live at the site level. Mixing the two is what creates management overhead at scale.
At 2 sites, this discipline feels like ceremony — ad-hoc coordination handles everything in minutes. At 8 sites the ad-hoc model breaks: adding a new hire to every site takes an hour, and missing one is a real risk. At 12 sites it produces wrong outcomes — inconsistent access, drifted brand assets, security policies that disagree across sites — and nobody notices, because no one person looks at all 12. Org-level discipline is the only model that scales linearly with portfolio size.
Backed up just now (02:00) · last activity 2 hours ago · status Online.
Backed up just now (02:00) · last activity yesterday · status Online.
Backed up just now (02:00) · last activity 3 days ago · status Backup stale.
Backed up just now (02:00) · last activity 5 hours ago · status Staging.
A sample four-site portfolio as it appears in the org dashboard's site list.
Good use cases
Each location has its own site (location-specific hours, menu, team). All sites share the brand's visual identity and the same global navigation pattern. One platform admin oversees all locations from the org dashboard.
An organization operates a primary brand site and two subsidiary sites. Brand guidelines apply to all three. Content is site-specific. User access is managed at the org level so one person manages all accounts.
A product documentation site and a marketing/blog site serve different audiences and have different content teams. The same org-level security policy (2FA enforcement, password rules) applies to both.
A dedicated staging site lives in the same org as the production sites. Platform Admins can test configuration changes, import-export flows, or SG-Builder updates on the staging site before applying to production.
An organization operates separate sites for different regions. Each region has its own content team. One global Platform Admin manages the portfolio; regional editors are scoped to their own site.
What NOT to use this for
The multi-site portfolio view is for management — it does not push content from one site to another. If two sites need the same blog post, plan the syndication explicitly using the import/export tool or a content API workflow. Ad-hoc copy-paste is not a syndication strategy.
Each SGEN site in the portfolio has its own isolated database. Multi-site management provides a unified admin view; it does not merge data stores or create shared content pools.
If two sites belong to legally distinct entities with separate billing, separate liability, and separate teams who should not see each other's sites — those belong in separate SGEN orgs, not under one org as multiple sites. See "When to split into multiple SGEN orgs" below.
Use a dedicated staging site in the portfolio. The org dashboard makes it easy to identify your staging site; don't treat a live site as a sandbox.
How this connects to other features
Security policies configured at the org level (2FA enforcement, SSO) apply to all sites in the portfolio. If you set 2FA enforcement at the org level, all sites require it — you cannot exempt individual sites.
Each site in the portfolio has its own Backups panel. The org dashboard shows last-backup date per site so you can spot a site with a stale or failed backup from one view. Monthly backup verification should cover at least the production sites.
The org dashboard shows a roll-up of recent Activity Log events across all sites. Site-level events (content published, settings changed, users added) appear in the per-site Activity Log; security events (logins, 2FA changes, SSO events) are surfaced in the org-level view.
Users managed at the org level have a single identity across all sites. Their per-site role assignments determine what they can do on each site. Org-level management means you add and remove the person once, not once per site.
Each site in the portfolio has its own SG-Dashboard with site-specific analytics. Cross-site analytics aggregates (total page views across the portfolio, total active users) are available only in the org-level dashboard view — not in individual site dashboards.
Before you start
You are signed in as a Platform Admin with org-level access. Site-level Platform Admins can manage one site; org-level Platform Admins see the full portfolio. If you cannot see the Organization menu in SG-Admin, your account has site-level access only — contact your account representative.
Naming convention should cover production sites, staging sites, and any internal-only sites. Decide before site #3 — switching naming mid-portfolio is painful. Write the convention in a one-page document and share it with everyone who will create sites.
For brand asset sharing, you have a canonical location where logo files, fonts, and palette data are stored — a shared drive, a brand portal, or a media folder on the primary site that other sites reference. Without a canonical source, brand assets diverge site by site over time.
You know which 2FA and password policies apply org-wide. These cannot be set differently per site — they are org-level settings that apply uniformly. If your compliance requirements dictate specific settings, set them at the org level before adding sites, not after.
If you are about to add a new site, confirm whether it belongs under the existing org (same legal entity, same billing) or should be a separate org (separate entity, separate liability). The decision is much harder to change later — review "When to split into multiple SGEN orgs" below before proceeding.
Like a production system, a portfolio should not have a single point of failure in its administration. If the only org-level admin leaves or is unavailable, regaining org access requires support involvement.
Where to find it
Open SG-Admin. If your account has org-level Platform Admin access, the top navigation shows an Organization item alongside the site-level items.
The org-level dashboard is the home tab under Organization. It shows every site in the portfolio with health, uptime, last-activity, and last-backup timestamp per site; a roll-up of recent Activity Log events across all sites; pending billing items and upcoming renewals; and a cross-site user roster showing authentication status per user across all sites. Bookmark it — it is the morning sweep destination for anyone managing more than two sites.
The site list at the top is the busiest part of the screen. Each row gives you four things at a glance: the site's display name, its plan tier, when it last successfully backed up, and the timestamp of the most recent admin or content activity. Status pills on the right call out anything that needs attention — a stale backup, an offline site, a site that has not seen activity in an unusual amount of time. The column ordering is fixed so the eye learns where to look; you do not need to re-sort the list to find the same data twice.
The Organization overview panel below the site list is the second thing to read. It summarizes the portfolio totals and surfaces any alerts that span multiple sites. A site-level alert appears in the site row above; an org-level alert (a policy that needs review, a renewal that is approaching, a user who hasn't completed onboarding) appears in the overview panel.
4 sites total (3 live, 1 staging) · 17 users across all sites (13 with 2FA, 4 SSO) · security policy set to 2FA required for all users with a 14-day grace period · plan spend is the sum of one Business, one Professional, and two Starter tiers. Most recent cross-site activity: a content editor published on the wholesale site 2 hours ago. Open alert: the events site's backup has been stale for 6 days and needs investigating before the next scheduled run.
Setting up consistent naming across sites
Before adding your third site, document your naming convention. A workable pattern:
| Site type | Naming pattern | Example |
|---|---|---|
| Production (custom domain) | Own domain | yoursite.com |
| Production (SGEN subdomain) | brand-prod.sgen.com | yourstore-prod.sgen.com |
| Staging | brand-staging.sgen.com | yourstore-staging.sgen.com |
| Internal | brand-internal.sgen.com | yourstore-internal.sgen.com |
| Regional | brand-region.sgen.com | yourstore-eu.sgen.com |
The pattern matters more than which one you pick. Apply it to the site's display name in the org dashboard as well as the domain or subdomain, so the naming is consistent everywhere the site appears.
A short shared document captures the convention for everyone who creates sites. Keep it under one page so it is read:
# Your Store — site naming convention (v1, owned by Platform Admin team)
## Display names (shown in the org dashboard)
# Primary production: Your Store
# Other production: Your Store — Wholesale
# Your Store — Events
# Staging: Your Store — Staging
# Internal-only: Your Store — Internal
## Domains and subdomains
# Primary custom domain: yoursite.com
# Other custom domains: wholesale.yoursite.com
# events.yoursite.com
# Staging (SGEN sub): yourstore-staging.sgen.com
# Internal (SGEN sub): yourstore-internal.sgen.com
## Rules
# 1. Display name + domain must be decided together; do not change either alone.
# 2. Staging sites are tagged Staging in the org dashboard. Never run live traffic on them.
# 3. New sites added by anyone other than a Platform Admin must be reviewed within 7 days.
# 4. Site naming changes require sign-off from a second Platform Admin.
# 5. When a site is retired, archive its display name. Do not re-use it for a different site. The one-page naming convention shared with every Platform Admin — reviewed at portfolio onboarding.
Managing users at the org level
In SG-Admin, go to Organization → Users.
Click Add user to create a new org-level account. Enter the user's email, first name, and last name.
The user receives an invitation email. They set their password (or connect via SSO if SSO is configured).
After the user accepts the invitation, assign them to the appropriate sites with the appropriate role at each site. Open each site's Users list and add the org-level user with the correct site role.
When a user leaves the organization, deactivate them from the org-level Users list. This removes their access to all sites simultaneously — you do not need to remove them from each site individually.
Role assignment by site: the same person can have different roles on different sites. A content manager may be a Platform Admin on the primary marketing site but only an Editor on the event site. Assign roles at the site level; the identity is managed at the org level.
The split between identity and role is the central pattern. The identity — the email address, the password, the 2FA enrolment, the SSO connection — is created once at the org level and travels with the person across every site they touch. The role — Platform Admin, Editor, Author, Contributor — is set per site and reflects what the person does on that site. This is why org-level deactivation revokes access everywhere in one action: the identity is gone, so the per-site roles attached to that identity stop authenticating.
Avoid the temptation to create a duplicate account for someone on a second site rather than promoting the existing org-level identity. Two accounts for the same person means two sets of credentials, two 2FA enrolments to maintain, two audit trails to reconcile, and two deactivations to remember on offboarding. The org-level identity costs nothing extra; use it.
Setting org-wide security policies
In SG-Admin, go to Organization → Settings → Security.
Set 2FA enforcement, password policy, and login throttling here.
These settings apply to all users on all sites under the org. There is no per-site override.
Save changes.
For SSO configuration, see the two-factor authentication and SSO guide — SSO is also configured at the org level and applies to all sites.
The reason these settings are org-wide and not per-site is operational, not technical. If two sites in the same org run different security policies, the weaker site becomes the entry point for an attacker who already has an org-level identity — the 2FA enforcement on the stricter site is bypassed by signing in through the weaker site first, then pivoting across the shared identity. The unified policy closes that gap. If your business genuinely needs different policies for different sites, that is the strongest possible signal that those sites belong in separate orgs.
When you change an org-level policy, the change applies to all sites at the next user session. There is no per-site rollout, no canary group, no schedule. Communicate the change to all site teams before saving — particularly if you are tightening a policy (raising the minimum password length, enabling 2FA enforcement) that will force users to take action on their next login. A 14-day grace period for 2FA enforcement gives users time to enrol without a hard lockout on the morning of the change.
Two-factor authentication: Required for all users (options are Optional · Required for Platform Admins only · Required for all users). Minimum password length: 12 characters, enforced at next password change for existing users and immediately for new accounts. Session timeout: 8 hours of inactivity. Failed login lockout: 10 attempts, 15-minute lockout. These settings cannot be set differently per site — if you need a stricter policy for one site and a relaxed one for another, that is a signal those sites may belong in different orgs.
Cross-site reporting
Some metrics matter at the org level, not per site.
How many distinct people have active accounts, regardless of which site they primarily use.
Total traffic across the portfolio gives a picture of overall audience engagement.
The sum of all site plan tiers in the portfolio; useful for budget tracking and renewal planning.
Failed login attempts across all sites, 2FA reset requests, SSO events, and audit-log anomalies consolidated in one view.
The security event roll-up deserves the most attention of the four. A spike in failed login attempts on one site is a per-site investigation. A spike in failed login attempts across three sites at once is a different signal — it suggests an attacker is rotating across the portfolio. The org-level view is the only place where that pattern is visible at all. Set a recurring time once a week to glance at the roll-up; the cost is two minutes and the upside is catching a coordinated attempt before it converts.
These aggregates are available in the org dashboard. Per-site analytics — post-level views, traffic source breakdown, conversion events — remain in each site's SG-Dashboard. For compliance reporting or budget reviews that require the full cross-site picture, the org dashboard's export function produces a summary covering all sites in the portfolio; the per-site Activity Log exports cover site-level audit evidence.
Grew steadily every month, from 42,100 page views in December to 53,600 in May.
The standout — more than doubled over the same six months, from 7,400 to 18,900.
Drifting down month over month, from 5,200 to 4,300 — worth a content review at the next monthly sweep.
The aggregate page-view trend over the last six months is the quickest read on whether portfolio traffic is steady, growing, or shrinking. Use it to spot a site that is dragging the portfolio down, or a site that is quietly carrying the bulk of audience demand.
Monitoring backup health across the portfolio
From the org dashboard:
Open SG-Admin → Organization.
The site list shows the last-backup date per site. Any site with a stale backup (older than the plan's cadence window) shows an amber indicator.
Click into any site showing an alert to open that site's Backups panel directly.
Address backup failures before continuing with other work — a site without a recent backup is a site without a recovery path.
The reason backup health is the first thing the morning sweep looks at is that a backup miss compounds in a way that other portfolio issues do not. A drifted brand asset is fixed in a few minutes. An outdated user role is fixed in seconds. A missed backup, however, means that if anything goes wrong with the site before the next backup succeeds, the recovery point jumps from "yesterday" to "last week" or worse. Most customer-facing damage from a site incident is not the incident itself — it is the data lost between the last good backup and the moment of recovery. Backup stale is the only org-dashboard alert that should interrupt other work the moment it appears.
A site with status Backup stale in the org dashboard means the last successful backup is older than expected for that plan tier. This could be a failed backup run, a plan change that altered the schedule, or a new site that hasn't yet completed its first backup. Investigate each case.
Total sites in the portfolio.
Sites running with no outstanding alert.
Non-production site, expected to never carry live traffic.
The actionable item for this sweep — investigate before moving on.
Nothing offline in a healthy sweep.
In this snapshot, the Backup stale count of 1 is the actionable item — that is the events site flagged in the earlier list view. Everything else is green. The morning sweep is done after the stale-backup site is investigated and resolved.
Maintaining a shared brand asset library
For sites that share a brand identity — a franchise, a parent-and-sub-brand structure, a multi-region portfolio — maintain one canonical source for brand assets. Fragmented brand management is the number one source of visual inconsistency across a portfolio.
Keep SVG and PNG versions of all logo variants (primary, reversed, monogram) in a shared drive folder. When the logo updates, replace the files in the shared folder and re-upload to each site from that source.
Use SGEN's Custom Fonts feature on each site with the same font name and configuration. A shared spec document (font name, weight, axis settings) ensures all sites configure fonts identically.
Document the exact hex values and their role names (primary, secondary, accent, neutral). Use the same values in SGEN's global settings on each site. A one-character color mismatch is invisible at a glance and highly visible in a side-by-side.
Maintain a reference image guide for photography treatment (ratio, subject distance, color temperature) so content teams on different sites produce visually consistent imagery.
When the brand updates — a logo refresh, a new color palette, a typography change — update the canonical source first, then apply to each site in the portfolio. Document the update in the team ops notes so all site teams know what changed.
The reason brand drift is the hardest problem to fix later, not earlier, is that no single update breaks anything visibly. A button on one site uses last year's accent color while another site uses this year's. A logo on a footer was never replaced when the new variant shipped. A heading typeface was set to the old weight on one site because the new weight had not been uploaded yet. None of these are urgent on the day they happen. Six months later, when a stakeholder pulls up the sites side by side, the brand looks tired — and the work to align everything is real, because each site needs its own visit, its own asset update, and its own verification pass. The monthly spot-check catches drift while it is still cheap to fix.
For organizations large enough to have a separate brand team, the brand team should own the canonical asset folder and the team operating SGEN should pull from it. For smaller organizations where the Platform Admin team also owns the brand assets, designate one Platform Admin as the brand-asset owner so updates have an accountable single source. Either way: one canonical source, all sites pull from it, drift is caught monthly. Anything else compounds into a brand-refresh project that nobody scheduled.
Running a monthly org-level sweep
The monthly sweep is the operating discipline that keeps a portfolio healthy without anyone having to react to a stakeholder report. Schedule it for the same day each month — the first Monday is common — so it survives team changes and competes successfully for calendar space with the inevitable urgent items.
Review the org dashboard for any site health alerts — stale backups, offline sites, failed backup events.
Deactivate anyone who has not logged in for 90+ days. Recent hires who accepted invitations but never completed setup also appear here — follow up or deactivate.
Look for unusual events — unexpected admin access, settings changes on sites that should be quiet, a spike in failed login attempts.
Confirm the backup verification restore was completed for at least the primary production site.
Confirm plan tiers are correct, upcoming renewals are expected, and no sites are on plans that no longer fit their traffic or needs.
Check 2-3 pages on each site. It is easy to let it slip — a monthly comparison catches drift before it becomes embarrassing.
The order matters. Backups first because backup failures are the only items that compound in cost the longer they go unaddressed. User roster second because inactive accounts are a security surface that grows over time and a tidy roster makes other reviews faster. Activity log roll-up third because it surfaces the unexpected — the items you would not have known to ask about. Backup verification, billing, and brand checks last because they are smaller in stakes and benefit from the cleared attention left after the first three checks are complete.
The sweep takes 15-30 minutes depending on portfolio size. Add it to a shared calendar item so it survives team changes — the sweep should happen whether or not the usual admin is available.
Example scenarios
Four realistic situations showing the patterns from this guide in practice.
Your Store launches a wholesale site alongside its existing primary site. The platform admin creates the new site under the existing org (same billing, same legal entity), applies the established naming convention, and adds the wholesale-specific content team at the Editor role for the wholesale site only — they cannot see or access the primary site. The org-level 2FA enforcement automatically applies to the new site with no extra configuration. The new site appears in the org dashboard alongside the primary site, and its backup health is visible from the same view.
Result: "Site wholesale.yoursite.com added to Your Store organisation. Org-wide security policy applied automatically. Assign site-level user roles to complete setup."
A portfolio that started with 2 sites has grown to 7. Three different Platform Admins have set different security policies on different sites over time — some sites have 2FA required, others have it optional. The new lead platform admin audits security settings across all 7 sites using the org-level Users view, finds 3 sites with 2FA optional and 4 users with password-only authentication, and sets 2FA enforcement at the org level to "Required for all users" with a 14-day grace period. All 7 sites immediately fall under the unified policy. The admin monitors the pending-enrollment count over the 14-day window and sends reminders at day 7 and day 12. By day 14, all 4 have enrolled.
Result: 13 users already enrolled, no action required. 4 users pending enrollment, required to complete within the 14-day grace period. Policy set and monitored by the platform admin.
A content manager leaves Your Store. They had Editor access on three sites: primary, wholesale, and events. Rather than removing them from each site individually, the platform admin goes to Organization → Users and deactivates the account. Access to all three sites is revoked in one action. The SSO assignment in the identity provider is also removed by IT, which would have revoked SGEN access at the next session expiry anyway. The deactivation is logged in the Activity Log across all three sites with timestamp and acting admin.
Result: Previous roles were Editor on all three sites. Deactivation is org-level — access revoked on all sites simultaneously, all active sessions terminated immediately. SSO deprovisioning confirmed — access will not be re-provisioned on the next login attempt.
On the first Monday of the month, the platform admin blocks 25 minutes for the portfolio sweep. The org dashboard opens, the site list is scanned, and the four checks run in order: backups, users, activity-log roll-up, billing. The sweep finds three actionable items — one stale backup, two inactive user accounts, and a plan-tier mismatch on the events site. None are emergencies; all are flagged before they become problems. The stale backup is resolved by triggering a manual run, the two inactive accounts are deactivated, and a billing conversation about the events site plan tier is scheduled for the following week.
Result: 4 sites checked — 3 healthy, 1 stale (resolved with a manual run in 4 minutes). 17 user accounts reviewed — 2 inactive over 90 days deactivated. No unusual Activity Log events found. One site flagged for a plan-tier conversation. Brand spot-check of 2 pages per site — all consistent, no drift detected.
Portfolio architecture at a glance
The shape of a healthy single-org portfolio is straightforward: one organization holds every site the business runs, security and identity flow from the org level down to each site, and each site keeps its own content and configuration. A sample four-site portfolio, with the security and identity boundary drawn at the org level:
The top-level container. Every user identity and every security policy (2FA, SSO) lives here and flows down to each site below.
Inherits identity and 2FA policy from the organization.
Inherits identity and 2FA policy from the organization.
Inherits identity and 2FA policy from the organization.
Inherits identity and 2FA policy from the organization.
Reading the shape: the organization sits at the top. The sites below it are the four boxes. The inheritance lines are not data flow — they are the policy and identity inheritance lines. Every site inherits the same org-level security policy. Every user managed at the org level can be assigned a role at any of the four sites. Content, Custom Codes, and per-site analytics live inside each site and do not flow between them.
A portfolio that does not look like this — for example, four sites where each one has its own users list and its own security policy — is a portfolio that has not been set up org-first. The recovery is real work: consolidating users, aligning security policies, and re-onboarding the team to the org-level surfaces. Avoid that recovery by getting the org-level setup right before adding site #3.
When to split into multiple SGEN orgs
Most portfolios fit under one org. You would split into separate orgs only if:
Different billing, different liability, different contracts. These should not share an org even if the same technical team manages both — the legal boundary is the clearest signal for an org split.
A sensitive industry, regulatory boundary, or contractual requirement that site data not be viewable by the same admin accounts. Financial services, healthcare, and regulated industries sometimes have this requirement for specific sites.
The admins who manage one site should not be able to see another at all. Under one org, all Platform Admins see the full portfolio. If confidentiality between two business units requires that their SGEN admins cannot see each other's sites, that is an org split.
If none of these apply, stay in one org. The unified view, unified security policies, unified user management, and unified billing overview are all stronger in one org than split across two.
If you are considering a split, talk to your account representative first. Migration between orgs is non-trivial — it involves data transfer and a period where access management must be handled manually. The decision is meaningfully easier to make before a site has live traffic and a content history.
A useful test before committing to a split: imagine writing one shared security policy that applies to every site in question, with no per-site exceptions. If you can describe one policy the team would agree to, the sites belong in one org. If two sites genuinely need different policies that cannot be reconciled — different password rules, different 2FA enforcement, different session timeouts — that is a clear org-split signal. Run the same test for users: imagine one user list that spans all sites with per-site role assignments. If that user list is readable and accurate, one org is correct. If it is unreadable because the same email represents different real people on different sites, the sites belong in different orgs.
Most teams who think they need an org split discover, on running these two tests, that one org fits. The desire for separation is often a desire for cleaner per-site reporting or scoped access for a specific team — both of which are solvable inside one org through site-level role assignments and the per-site analytics surfaces. Reserve the org split for the cases where the legal, regulatory, or confidentiality boundary genuinely requires it.
What success looks like
A well-run multi-site portfolio has four signals.
No site has a stale backup or an offline status. The morning sweep takes under 5 minutes because everything is green. A portfolio where the morning sweep turns up an alert is a portfolio that has drifted.
No accounts with "password only" authentication status. No accounts inactive for 90+ days still showing as active. No duplicate accounts for the same person across different sites. Org-level management means the roster is accurate and current.
The same 2FA enforcement, password policy, and session timeout applies across all sites. There are no exceptions for any site or any user. A security audit of the portfolio produces the same policy settings on every site.
Spot-checking 2-3 pages on each site shows the same logo variants, the same color palette, the same typography. Drift in one corner — an older logo on one site, a slightly-off-brand button color on another — is caught and fixed in the monthly sweep before it becomes a customer-facing issue.
If all four are green, the portfolio is under control. If any one is amber — a stale backup, an inactive account, a site with different security settings, a brand mismatch — address it in the next monthly sweep rather than letting it accumulate. The monthly sweep's value compounds: a portfolio swept 12 times a year never drifts far enough to require a major correction session.
A useful framing: the difference between a portfolio that needs constant attention and one that runs cleanly is not the number of sites, the size of the team, or the complexity of the content. It is the discipline of putting org-level work at the org level and per-site work at the site level. Teams that hold that line operate 8-site portfolios with the same effort other teams spend on 3-site portfolios. Teams that do not hold the line spend an outsized portion of their week on coordination overhead that should not exist.
The four signals above are the read on whether the discipline is holding. If you can show a stakeholder the org dashboard and the four signals are green, the portfolio is in a defensible state. If any one is amber and has been amber for more than a sweep cycle, the discipline has slipped and the recovery work is the next priority.
Anti-patterns
Keep it scoped to genuine multi-site owners. A Platform Admin can see and modify every site in the org. Content editors, regional managers, and individual site owners should get site-level roles, not org-level Platform Admin. The principle of least privilege applies especially strongly to a role that has cross-site reach.
Org-level security settings apply uniformly. If you find yourself trying to set different policies per site, that is a signal the sites may belong in different orgs, or that the policy you are trying to enforce at the stricter site should be the org-wide standard. Differential security policies in the same org create gaps and a false sense of security at the stricter sites.
Sites you never visit are sites that drift — content becomes stale, backups fail undetected, inactive accounts accumulate. Add the monthly sweep to your calendar as a non-negotiable item. It is the only way to know the portfolio is healthy without waiting for a user to report a problem.
If two sites need the same blog post, plan the syndication explicitly using SGEN's import/export or a documented workflow. Ad-hoc copy-paste creates divergent versions, attribution problems, and maintenance overhead when the content needs to be updated later.
The staging site should have the same security policies as production. It contains real configuration data and often mirrors production content. Relaxing security on staging because "it's not prod" is a common mistake — staging is a target for the same threats as production.
The naming and org structure decision is easiest at two sites and hardest at eight. Make the architectural decision early and write it down. A one-paragraph document explaining the org structure and naming convention is worth more than any amount of retroactive cleanup.
This creates split identities — the same person appears as different accounts on different sites. When they leave, you have to remove them from each site separately and risk missing one. Always add users at the org level first, then assign site roles.
The shared pattern across these anti-patterns is treating per-site operations as the default. The org-level surfaces exist precisely so the team does not have to repeat work for every site. When you find yourself opening a site's Users list to add someone who already has an org-level identity, or copying a Custom Code from one site to another, or setting different security policies for two sites in the same org — pause and ask whether the work should happen at the org level instead. The right answer is usually yes, and the time spent doing it correctly compounds across every subsequent operation.
The discipline takes a few weeks to become automatic. The portfolio that runs cleanly six months in is the one where the team built the org-first habit early. The portfolio that needs a major cleanup project is the one where the per-site shortcuts were taken too often in the first six months.
Troubleshooting
Common issues and their fixes.
The site may have been created under a different org account, or associated with a different login. Check that you are logged in with the org-level Platform Admin account. If a colleague created the site with their own account, they may need to transfer it to the org or invite the org-level account as a Platform Admin on that site. If the site was added recently, allow up to 10 minutes for it to appear — new-site propagation is asynchronous. If it is older than that and still missing, contact support.
Org-level access is granted to specific accounts. Your account may have site-level Platform Admin on one site but not org-level access. Contact your account representative or another org-level Platform Admin to grant org access. If you previously had org-level access and it has disappeared, your role may have been changed by another org-level admin — check the Activity Log, which shows who made the change and when.
Sites already running under a separate SGEN account need to be transferred into the org by support. Contact your account representative with the existing site URL, the destination org name, and a one-line note about why you want the transfer. Support handles the transfer with a defined process that preserves all site content, users, and history — plan a brief downtime window in coordination with support for the cutover.
Org-level security policies propagate to all sites automatically. Try refreshing the org dashboard and allow a few minutes for the policy to propagate. If the discrepancy persists after 10 minutes, contact support. Users who were already signed in when the policy changed do not see the new policy until their next session — this is expected, not a bug. To force every active session to re-authenticate immediately, use the org-level "Sign out all sessions" action.
Site migration between orgs requires support involvement. Contact your account representative or the SGEN support team. Do not attempt to recreate the site manually in the new org — that loses all content history, backup snapshots, and activity log data. Support handles the migration with a defined process that preserves all site data.
Org-level user management creates the identity; site-level role assignment grants access to each site. Adding someone to the org does not automatically give them access to any site. Open the specific site's Users list and add the org-level user with the appropriate site role. If they still cannot sign in, confirm they have completed their org-level account setup — accepted the invitation and set a password or connected SSO.
Org-level deactivation should propagate to all sites and terminate all active sessions. If a site still shows the account as active, the session may not have expired yet. Deactivation takes effect immediately — the user cannot create a new session — but existing sessions expire within a few minutes.
The org-level roll-up shows a summary of recent events, not a complete log. For full per-site log access, open the individual site's Activity Log. If events that should appear in the roll-up are consistently absent from a specific site, contact support — there may be a log aggregation issue for that site.
Check the per-site role assignment, not the org-level identity. The org-level identity is one record; the per-site role is set separately for each site. A user who can edit on one site but only view on another is configured correctly if you intended those two roles. Open each site's Users list to confirm the assigned role — the org-level Users list shows the identity but not per-site roles in one view.
Site creation takes a few minutes to propagate to the org-level views. If it still doesn't appear after 10 minutes, refresh the org dashboard and check that you created the site under the correct organization. If it is still missing, open the per-site admin URL directly — if the site loads, it exists but the dashboard aggregation may need a manual refresh. Contact support if the discrepancy persists past 30 minutes.
Plan tier changes are managed through billing. Contact your account representative to upgrade or downgrade a specific site's plan. The org dashboard shows current plan tier per site; the billing view (Organization → Billing) shows the cost breakdown and upcoming renewal dates. Align plans before a renewal date to avoid being charged for a partial period at the wrong tier.
Site transfers between orgs require support involvement. If it is early in the site's life (little content, no live traffic), the fastest resolution may be to create the site fresh in the correct org and delete the mis-assigned one — but only after confirming there is no content to preserve. For established sites, contact support for a proper migration. Confirm the destination org with another Platform Admin before requesting the transfer, and document the decision in the team ops notes.
Planning for growth
If your portfolio is likely to grow from 3-4 sites to 10+ over the next 12-18 months, set the structural patterns now rather than retrofitting them later.
Do this before adding site #3. A shared document that explains which sites belong where and why saves hours of confusion when the 8th site is added.
A 20-minute sweep on 4 sites becomes a 45-minute sweep on 12 sites — but both are feasible if the habit is established early.
At 2-3 sites, one Platform Admin can manage all of them comfortably. At 8-10 sites, each site should have a designated owner — a site-level Platform Admin accountable for that site's health — with the org-level admin playing a coordination and oversight role.
As the portfolio grows, the risk of a configuration change on one site breaking another site increases. A staging site that mirrors the most-used configuration is an essential testing surface.
A single org admin is a single point of failure for the entire portfolio. The cost of nominating and onboarding a second admin is small; the cost of trying to do it under duress is substantial. Treat the second admin slot as a non-optional structural item.
Review whether the right sites are in the right org, whether user roles are still appropriate, whether the naming convention is still being followed, and whether any sites should be retired. The monthly sweep catches operational drift; the quarterly review catches structural drift. Both compound when skipped.
The portfolios that scale gracefully are the ones where the structural decisions were made early and revisited periodically. The portfolios that need expensive remediation are the ones where every site was added under operational pressure, each in its own configuration, with cleanup deferred to a later date that never arrives. The earlier the discipline lands, the cheaper it stays.
