Consent Management Getting Started
Creating a consent management implementation is simple and takes just a few minutes.
Navigate to the "Consent Management" tab in Osano, and create a new site profile.
- In the site profile, you'll add the root domain names that your web site(s) are hosted on. If you own example.com, but your web site is hosted on www.example.com, you will want to enter only example.com, Osano automatically works with subdomains of your website with no additional configuration.
- Additional Settings
- Notification Dialogue Timeout Duration (Slider) - some regional consent dialogues appear on a timer (ex. they appear for a set amount of time before disappearing). This option allows you to set how long the dialog persists on the page before disappearing.
- CCPA Opt-Out Mode (Enterprise Only) - by default, Osano utilizes an Opt-In dialog for users accessing in the US locale. This option counteracts this setting and turns the opt-in dialog into an opt-out. This option is compliant under CCPA.
- Cross-Domain (Enterprise Only) - by flipping the cross-domain switch, you have the option to add multiple domains into your configuration settings, which enable consents to be chared across unrelated domains owned by the same entity. Simply add a domain, "tab," and add additional domains.
- Sitemap URLs (Enterprise Only) - click the (+) to add your sitemap URLs in the standard XML format. If your sitemap follows the standard sitemap formatting, these connected URLs will be scanned immediately and then on a monthly basis for unclassified cookies and scripts. (Example Format)
Create Configuration and Publish
Once published, use the "get code" button to copy your osano.js and paste it into the header <head> for all pages you wish to monitor. Ensure that the osano.js is the first script that loads on your site.
It is recommended to remain in Listener until you have added the osano.js into your site and have discovered and classified all relevant scripts. In Listener mode, the consent manager will NOT block any scripts or beacons, it will NOT delete cookies, and it will NOT display dialogs to your visitors, in other words, it will not alter your site in any way. You can use Listener mode at the same time as another CMP if you are migrating away from another provider. This will ensure no gaps in compliance.
Once the osano.js is placed in your site's <head>, it can take a few minutes to a few hours before the script has captured and reported all cookies, scripts, and local storage items that exist across your sites.
Once you have collected enough reports from osano.js, you can work with your other business units to identify any unknown cookies/scripts/and local storage items to ensure that no "strictly necessary" scripts, cookies, or local storage are blocked by categorizing them appropriately in "Script Classification."
After you have categorized each script and cookie appropriately, you can enable Permissive or Strict Mode and publish these changes.
*** NOTE: You cannot publish into Permissive or Strict mode without having at least ONE (1) script classified or ONE (1) script rule in place. We recommend classifying ALL scripts/cookies prior to publishing in Strict or Permissive. ***
You will now see the consent dialog on your website!
Compliance Mode Definitions
- Listener Mode - Osano will gather script and cookie information for categorization, but the consent dialog will not appear on your webpage, and no blocking will occur.
- Permissive Mode - The consent dialog will appear on your website, and all uncategorized scripts will be identified and allowed regardless of consent given. All categorized scripts will be accepted or denied based on user selection. Compliance can be reached in Permissive Mode, but is less certain and sustainable than Strict.
- Strict Mode - The consent dialog will appear on your website, and all uncategorized scripts will be blocked until they have been classified. (Recommended - Most compliant)
With the Consent Manager Configuration screen, you will find the "Stylizing" tab. The Styling tab allows you to customize certain aspects of your Consent Manager's appearance.
Use the "Preview for Different Compliance Laws" to generate a preview of your consent dialog in different geographical locations.
*** NOTE: You cannot change which consent dialog the end-user sees as Osano automatically displays the correct dialog to each end-user based on their geotargeted location (I.P. Addresses). The dialog shown will be that which is most compliant in the user's location. ***
From here, you can customize dialog type, placement, and coloration. You have the option to customize your consent management overlay by choosing one of the Osano pre-generated themes or by setting all colors individually. If there are specific customizations that you would like to employ on your consent manager overlay, you can do this using CSS. You can find a full list of Osano Classes HERE!
Scripts and Script Classification
Once you have placed your Osano.js in the <head> of your site in "Listener" mode, Osano will begin alerting you to and displaying identified scripts. These scripts will appear in the "Scripts" section of the Consent Manager. It can take anywhere from a few minutes to a few hours for scripts to populate.
The script tab is broken up into 2 sections: Classified & Unclassified (Read Auto-Classification of Scripts and Cookies for more info.)
Once scripts are identified, you must classify them as one of the following:
Be sure to classify each script before saving and publishing out any new changes.
*** NOTE: You CANNOT switch compliance mode from "Listener" to "Permissive" or "Strict" without at least one script classified. For compliance's sake, we recommend you classify as many scripts as possible before switching out of "Listener" mode. ***
Cookies can be categorized in the same way as scripts. Classification rules can be set for cookies as well.
The cookies tab is broken up into 3 sections: Classified & Unclassified (Read Auto-Classification of Scripts and Cookies for more info.)
Once Cookies are discovered, you must classify them as one of the following:
In this section, you can also set your disclosures. Cookie Disclosures are used to disclose or list out cookies your website is using to the end-user so that they are aware of what is in use and why it is in use. In this section, you can manually add the following:
- Category (tied to the script/cookie categories above)
- Cookie Name
- Cookie Provider
- Expiration Date
- Description of the Cookie
Once added, these disclosures will appear to the end-user on your webpage in the "drawer" under their associated categories. You are not required to include cookie disclosures, but it is recommended practice for both CCPA and GDPR.
This section of Osano allows you to view a log of consents for a particular configuration. Using an Osano_UUID or a public IP address, you can search for a particular user's consent logs over a period of time. This data is encrypted and anonymized. For more information on Consent Data, contact Osano support.
Here you can see the URLs imported via your sitemap for this configuration OR add individual URLs to scan for scripts and cookies. When new URLs are added, they will be scanned immediately and then will continue on a monthly basis while active.
You can add, delete, and start/stop scans from this section.