Salesforce

Cross-Domain and Cross-Device Consent

« Go Back
Information
Cross-Domain and Cross-Device Consent
UUID-750c79df-692c-7418-a395-af2acaa45601
Article Content

With Cookie Consent, you now have the ability to share and link consent given by a user on one Website or Mobile App across your other managed Websites and Mobile Apps. This is achieved through a user profile that contains the consent given by the user from the first property interaction. The user profile is shared across the protected OneTrust cloud to additional devices or browsers where the user chooses to roam safely creating a seamless user experience.

Note

In addition to Cookie Consent, the Consent Rate Optimization feature must be enabled in order to configure cross-domain and cross-device consent. Contact your OneTrust account representative if you require the Consent Rate Optimization feature or click here to learn more.

How does it work?

For a diagram of the consent flow, see Cross Domain and Cross Device Consent Screen Reference.

Once a known user is identified, via logging in for example (though we do not require this method), their unique user identifier is passed to OneTrust. Using this unique identifier we create a consent profile on our cloud. This profile now holds all the choices they made on the banner or preference center.

The next time the user logs in or goes to another property and logs in, OneTrust will first look for that user ID in our cloud and return with the previously gathered consent configuration. Using the consent configuration from our cloud, we will then update their consent on their device or browser so that it can be read by your integrations. Additionally, the banner will not appear after syncing with the user profile from the server.

An example where the banner would not re-appear, user navigates to website that requires consent for A and B. User consents to A and B on the website. After this, the user logs into the Mobile App that requires consent for A and B. Consent for both A and B are synced, no banner is shown the the user.

For one example of where the banner would reappear.

  1. User navigates to website that requires consent for A and B.

  2. User consents to A and B on the website.

  3. After this, the user logs into the Mobile App that requires consent for A, B and Z.

  4. Consent for both A and B are synced, but the banner could be shown here depending on how the geolocation rules are configured.

The reason the banner would be shown in this example is because the user has never consented to Z before. Therefore, the banner would still be shown as it is still a choice not yet made by the user.

Key Points

  • You cannot leverage this feature if the Use Distinct Script Src URL setting is enabled for your CDN scripts.

  • The user must be a known user and have previously consented meaning they have a data subject identifier profile in OneTrust.

  • Purposes must be shared across Web and Mobile properties.

  • Currently only fully synced profiles will result in the banner not reappearing to the user.

  • User identifier should be passed before OneTrust script is loaded or the OneTrust SDK is initialized.

  • User identifier can be any unique identifier of your choosing, e.g. email, phone number, unique user ID.

  • Consent is shared within a consent group.

    Note

    Utilizing multiple consent groups is not yet supported.

  • Syncing IAB Purposes/Vendors for TCF 2.0 is now supported if you wish to share vendor lists across various properties in a consent group.

  • Consent is stored on the OneTrust cloud. This allows us to share consent not only across domains, but across different devices and applications as well.

How to Pass User Identifiers to OneTrust?

Prerequisites

  • A reliable way to identify a user.

  • The ability to create a JSON Web Token (JWT) authorization token. This will be passed to OneTrust servers to ensure authenticated access to a user's consent profile.

    The 'your-256-bit-secret' will be your Public Key - you will enter this in OneTrust Settings, more details below.

    The unique user identifier will be passed in the data payload as the sub.

    The token generated will be used in the snippet you place before the OneTrust script.

  • You must upload the Public Key for JWT in your OneTrust tenant.

    Note

    This is a Preview Feature. You will need to have the feature enabled for your tenant to use this feature.

    1. Use Gear icon to navigate to the Settings screen.

    2. Under the Consent, select Public Keys.

    3. Add the Public Key and click Save.

  • Create a Consent Group in Cookie Consent.

  • Enable Consent Logging in Cookie Consent.

Website

  1. Identify the user. This can be done using your existing authentication methods.

  2. Pass the OneTrust user ID. You will need:

    • Unique User Identifier

    • The JWT authorization token that includes the Unique User Identifier.

    • The following code snippet should be executed before the OneTrust script is loaded.

          var OneTrust = {
            dataSubjectParams: {
                id: "[Insert User ID Here]",
                isAnonymous: false,
                token : '[Insert JWT Token Here]'
            }
          };
  3. Use a new script tag for cross device.

    Once you turn on Cross Device via creating a consent group, the Script Tag in the Script Integration page will be updated to reflect the required script tag for Cross-Device.

CC_CrossDomain2.png
CC_CrossDomain3.png
CC_CrossDomain5.png

You will see the preferences sync under the Request URL https://consent-api.onetrust.com/v1/preferences?syncgroup= in DevTools appended with sync group ID.

CC_Cross6.png
CC_Cross7.png

Mobile App

  1. Identify the user. This can be done using your existing authentication methods.

  2. Pass the OneTrust SDK the params.

    • Android

      // Define the Profile Sync Params
      OTProfileSyncParams otProfileSyncParams = OTProfileSyncParams.OTProfileSyncParamsBuilder.newInstance()
        .setSyncProfile("true")
        .setSyncProfileAuth("[Insert JWT Token Here]")
        .setIdentifier("[Insert User ID Here]")
        .build();
      
      // Define OT SDK Params and pass the Profile Sync Params reference
      OTSdkParams sdkParams = OTSdkParams.SdkParamsBuilder.newInstance()
        .setProfileSyncParams(otProfileSyncParams)
        .shouldCreateProfile("true")
        .build();
      
      // Initialize the SDK
      otPublishersHeadlessSDK.startSDK(
        "[Insert CDN Location Here]",
        "[Insert App Id]",
        "[Insert Language Code Here]",
        sdkParams
      )
      
      // Profile syncing will happen on completion of the startSDK() call
    • iOS

      // Define the Profile Sync Params
      let profileSyncParams = OTProfileSyncParams()
      profileSyncParams.setSyncProfile(true)
      profileSyncParams.setSyncProfileAuth("[Insert JWT Token Here]")
      profileSyncParams.setIdentifier("[Insert User ID Here]")
      
      
      // Define OT SDK Params and pass the Profile Sync Params reference
      let sdkParams = OTSdkParams()
      sdkParams.setProfileSyncParams(profileSyncParams)
      sdkParams.setShouldCreateProfile(true)
      
      // Initialize the SDK
      OTPublishersHeadlessSDK.shared.startSDK(
        "[Insert CDN Location Here]",
        "[Insert App Id]",
        "[Insert Language Code Here]",
        sdkParams
      )
      
      // Profile syncing will happen on completion of the startSDK() call

Cross Domain and Cross Device Consent Screen Reference

Cross_Device_User_Consent.png
 
Article Visibility
49,333
Translation
English
Checked

Powered by