Cross-Domain and Cross-Device Consent


With Cookie Consent, you can share and link consent given by a user on one Website or Mobile App across your other managed Websites and Mobile Apps. This is achieved through a user profile that contains the consent given by the user from the first property interaction. The user profile is shared across the protected OneTrust cloud to additional devices or browsers where the user chooses to roam safely, creating a seamless user experience.

How does it work?

For a diagram of the consent flow, see Cross Domain and Cross Device Consent Screen Reference.

Once a known user is identified, via logging in for example (though we do not require this method), their unique user identifier is passed to OneTrust. Using this unique identifier we create a consent profile on our cloud. This profile now holds all the choices they made on the banner or preference center.

The next time the user logs in or goes to another property and logs in, OneTrust will first look for that user ID in our cloud and return with the previously gathered consent configuration. Using the consent configuration from our cloud, we will then update their consent on their device or browser so that it can be read by your integrations. Additionally, the banner will not appear after syncing with the user profile from the server.

An example where the banner would not reappear: the user navigates to a website that requires consent for A and B. The user consents to A and B on the website. After this, the user logs into the Mobile App that requires consent for A and B. Consent for both A and B is synced, and no banner is shown to the user.

An example where the banner would reappear:

  1. User navigates to website that requires consent for A and B.

  2. User consents to A and B on the website.

  3. After this, the user logs into the Mobile App that requires consent for A, B and Z.

  4. Consent for both A and B is synced, but the banner could be shown here depending on how the geolocation rules are configured.

The banner would be shown in this example because the user has never consented to Z before. Z is a choice the user has not yet made, so the banner is still shown.

Key Points

  • You cannot leverage this feature if the Use Distinct Script Src URL setting is enabled for your CDN scripts.

  • The user must be a known user and have previously consented, meaning they have a data subject identifier profile in OneTrust.

  • Purposes must be shared across web and mobile properties.

  • Currently only fully synced profiles will result in the banner not reappearing to the user.

  • The user identifier should be passed before the OneTrust script is loaded or the OneTrust SDK is initialized.

  • User identifier can be any unique identifier of your choosing, e.g. email, phone number, unique user ID.

  • Consent is shared within a consent group.

    Note

    Utilizing multiple consent groups is not yet supported.

  • Syncing IAB Purposes/Vendors for TCF 2.0 is now supported if you wish to share vendor lists across various properties in a consent group.

  • Consent is stored on the OneTrust cloud. This allows us to share consent not only across domains, but across different devices and applications as well.

How to Pass User Identifiers to OneTrust

Prerequisites

  • A reliable way to identify a user.

  • The ability to create a JSON Web Token (JWT) authorization token. This will be passed to OneTrust servers to ensure authenticated access to a user's consent profile.

    The 'your-256-bit-secret' value will be your Public Key. You will enter this in OneTrust Settings (more details below).

    The unique user identifier will be passed in the data payload as the sub.

    The token generated will be used in the snippet you place before the OneTrust script.

  • You must upload the Public Key for JWT in your OneTrust tenant.

    1. Use Gear icon to navigate to the Settings screen.

    2. Under Consent, select Public Keys.

    3. Add the Public Key and click Save.

    Note

    If using RSA keys, the key must be generated in PEM format to function properly.

  • Create a Consent Group in Cookie Consent.

  • Enable Consent Logging in Cookie Consent.
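
The JWT prerequisite above, as an added example (not OneTrust's code): a Node.js sketch that mints the token on your server after authentication, so the private key never reaches the browser and only the public key PEM is uploaded. It assumes RS256 with an RSA PEM key pair; the function names and the `iat`/`exp` claims are assumptions, since the page names only `sub`.

```javascript
const nodeCrypto = require('node:crypto');

const b64url = (input) => Buffer.from(input).toString('base64url');

// Sign an RS256 JWT whose `sub` is the unique user identifier (hypothetical helper).
function mintConsentToken(userId, privateKeyPem, ttlSeconds = 300, now = Date.now()) {
  if (typeof userId !== 'string' || userId.length === 0) {
    throw new Error('userId must be a non-empty string');
  }
  const iat = Math.floor(now / 1000);
  const header = { alg: 'RS256', typ: 'JWT' };
  // iat/exp are an assumption of this example; the page only requires `sub`.
  const payload = { sub: userId, iat, exp: iat + ttlSeconds };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  const signature = nodeCrypto.sign('RSA-SHA256', Buffer.from(signingInput), privateKeyPem);
  return `${signingInput}.${signature.toString('base64url')}`;
}

// Check a token the way a holder of only the public key PEM can.
// Returns the claims, or null if the token is malformed, forged or expired.
function verifyConsentToken(token, publicKeyPem, now = Date.now()) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
    payload = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  } catch { return null; }
  if (header.alg !== 'RS256') return null; // pin the algorithm, ignore the header's choice
  const ok = nodeCrypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`),
    publicKeyPem, Buffer.from(s, 'base64url'));
  if (!ok) return null;
  if (typeof payload.exp === 'number' && payload.exp <= Math.floor(now / 1000)) return null;
  return payload;
}

// Constructed throwaway key pair for the demo; in production the private key
// lives in your secret store and only the public PEM is uploaded.
function demoKeyPair() {
  return nodeCrypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
}
```

The string returned by `mintConsentToken` is what goes into the `token` field of `dataSubjectParams`, with the same identifier in `id`.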

Website

  1. Identify the user. This can be done using your existing authentication methods.

  2. Pass the OneTrust user ID. You will need:

    • Unique User Identifier

    • The JWT authorization token that includes the Unique User Identifier.

    • The following code snippet should be executed before the OneTrust script is loaded.

          var OneTrust = {
            dataSubjectParams: {
              id: "[Insert User ID Here]",
              isAnonymous: false,
              token: "[Insert JWT Token Here]"
            }
          };

  3. Use a new script tag for cross device.

    Once you turn on Cross Device by creating a consent group, the Script Tag in the Script Integration page will be updated to reflect the required script tag for Cross-Device.

In DevTools, you will see the preferences sync under the Request URL https://consent-api.onetrust.com/v1/preferences?syncgroup= with the sync group ID appended.

Mobile App

  1. Identify the user. This can be done using your existing authentication methods.

  2. Pass the OneTrust SDK the params.

    • Android

      // Define the Profile Sync Params
      OTProfileSyncParams otProfileSyncParams = OTProfileSyncParams.OTProfileSyncParamsBuilder.newInstance()
        .setSyncProfile("true")
        .setSyncProfileAuth("[Insert JWT Token Here]")
        .setIdentifier("[Insert User ID Here]")
        .build();
      
      // Define OT SDK Params and pass the Profile Sync Params reference
      OTSdkParams sdkParams = OTSdkParams.SdkParamsBuilder.newInstance()
        .setProfileSyncParams(otProfileSyncParams)
        .shouldCreateProfile("true")
        .build();
      
      // Initialize the SDK
      otPublishersHeadlessSDK.startSDK(
        "[Insert CDN Location Here]",
        "[Insert App Id]",
        "[Insert Language Code Here]",
        sdkParams
      );
      
      // Profile syncing will happen on completion of the startSDK() call
    • iOS

      // Define the Profile Sync Params
      let profileSyncParams = OTProfileSyncParams()
      profileSyncParams.setSyncProfile(true)
      profileSyncParams.setSyncProfileAuth("[Insert JWT Token Here]")
      profileSyncParams.setIdentifier("[Insert User ID Here]")
      
      
      // Define OT SDK Params and pass the Profile Sync Params reference
      let sdkParams = OTSdkParams()
      sdkParams.setProfileSyncParams(profileSyncParams)
      sdkParams.setShouldCreateProfile(true)
      
      // Initialize the SDK
      OTPublishersHeadlessSDK.shared.startSDK(
        "[Insert CDN Location Here]",
        "[Insert App Id]",
        "[Insert Language Code Here]",
        sdkParams
      )
      
      // Profile syncing will happen on completion of the startSDK() call

Cross Domain and Cross Device Consent Screen Reference

[Diagram: cross-device user consent flow]

To create consent groups

  1. On the Cookie Consent menu, select Consent groups. The Consent groups screen appears.

  2. Click the Create group button. The Create consent group screen appears.

  3. Use the checkboxes to select the websites and apps you want to add to the consent group.

  4. Click the Next button.

  5. Enter a name and description for the group.

    You can also enable or disable the Override server consent when unknown users log in setting.

  6. Click the Create button.

To configure consent group settings

  1. On the Cookie Consent menu, select Consent groups. The Consent groups screen appears.

  2. Select the name of a consent group. The Consent group details screen appears.

  3. Navigate to the Settings tab.

  4. Configure the settings.

    Setting: Override server consent when unknown users log in

    Description: If this setting is enabled, when an unknown user makes consent choices, the system will override whatever choices are on record in the server with their most recent choices once they log in. If this setting is disabled, the choices the user has on record in the server will override the choices made before logging in.

    Setting: Preserve consent for logged out users

    Description: If this setting is enabled, when a known user logs out, the system will retain their most recent consent choices so that these preferences remain stored on the server. If this setting is disabled, the user's consent choices will be cleared upon logout and will need to be set again the next time they log in.

To enable syncing notifications

  1. On the Cookie Consent menu, select Consent groups. The Consent groups screen appears.

  2. Select the name of a consent group. The Consent group details screen appears.

  3. Navigate to the Syncing notification tab.

  4. Enable the Enable syncing notification setting. A preview displays.

  5. Click the Go now link next to a template to edit the template details. For more information, see Customizing the Preference Center Template.
