CMP Setup Guide

This article outlines how to set up the Osano Consent Manager (Cookie Popup).

Step 1: Create A Consent Configuration 

Creating a consent management implementation is simple and takes just a few minutes. 

Navigate to the "Consent Management" tab in Osano, and create a new configuration. In the configuration settings, add the following: 

  • Name - Internal identifier for this configuration. 
  • Root Domain -  If you own example.com, but your website is hosted on www.example.com, you will want to enter only example.com. Osano automatically works with subdomains of your website with no additional configuration.
  • Policy Link Text - The text displayed on the cookie popup that links the customer to one of the following policies: 
  • Cookie Notice, Cookie Policy, Data Storage Policy, Privacy Notice, Privacy Policy.
  • Policy Link URL - The URL link to the aforementioned policy.
  • Additional Settings
    • CCPA Opt-Out Mode (Business, Business+, Enterprise)
      • By default, Osano utilizes an Opt-In dialog for users accessing from the US. When enabled, this option counteracts this setting and turns the opt-in dialog into an opt-out. This option is compliant with CCPA. [For more information, see CCPA Opt-Out Mode ]
    • IAB EU TCF 2.0 (Enterprise Only) 
      • When enabled, this switch changes all cookie popups in the EU to IAB-defined and compliant popups. [For more information, see Osano and the IAB Framework .]
    • First Layer Categories (Business, Business+, Enterprise) 
      • By default, Osano utilizes a popup containing all opt-in categories for users accessing from the EU and other select locales. When disabled, this option counteracts this setting and turns the popup into a "Manage Preferences" popup. [For more information, see First Layer Categories | Manage Preferences .]
    • Cross-Domain 
      • When enabled, the cross-domain switch, you have the option to add multiple domains into your configuration settings, which enable initial consents to be shared across unrelated domains owned by the same entity. Simply add a domain, "tab," and add additional domains. (Some domain restrictions apply). [For more information, see Cross-Domain Support .]
    • Legacy Browser Support 
      • When turned ON, Osano will generate an osano.js that supports legacy browsers and modern browsers. When OFF, Osano will generate an osano.js that only supports modern browsers. [For more information, see Legacy Browser Support.]
    • Google Consent Mode
      • When enabled, this switch will allow the Osano CMP to interact with Google Consent Mode (beta). [For more information, see Google Consent Mode.]

Create Configuration and Publish

Step 2: Add the CMP code (osano.js) to your site <head>

Once published, use the "get code" button to copy your osano.js and paste it into the header <head> for all pages you wish to monitor (add to the global <head> to apply to all pages). Ensure that the osano.js is the first script that loads on your site if possible. 

It is recommended to remain in Listener until you have added the osano.js into your site and have discovered and classified all relevant scripts. 

Once you have collected enough reports from osano.js, you can work with your other business units to identify any unknown cookies/scripts to ensure that no "strictly necessary" scripts and cookies are blocked by categorizing them appropriately.


Interlude: Compliance Mode Definitions

osano-compliance-modes

      • Discovery/Listener Mode - Osano will gather script and cookie information for categorization, but the consent dialog will not appear on your webpage, and no blocking will occur.
      • Permissive Mode -  The consent dialog will appear on your website, and all uncategorized scripts will be identified and allowed regardless of consent given. All categorized scripts will be accepted or denied based on user selection. Compliance can be reached in Permissive Mode but is less certain and sustainable than Strict.
      • Strict Mode - The consent dialog will appear on your website, and all uncategorized scripts will be blocked until they have been classified. (Recommended - Most compliant)

Step 3: Classify your Scripts and cookies.

Once you have placed your Osano.js in the <head> of your site in "Listener" mode, Osano will begin alerting you to and displaying identified scripts. These scripts will appear in the "Scripts" section of the Consent Manager. It can take anywhere from a few minutes to a few hours for scripts to populate. 

The script tab is broken up into 2 sections: Classified & Unclassified (Read Classification of Scripts and Cookies for more info.)

Once scripts are identified, you must classify them as one of the following: 

      • Essential
      • Analytics
      • Marketing
      • Personalization
      • Blocklist

You can find more information about Classification Categories and Classification Rules in the linked articles. 

Be sure to classify each script before saving and publishing out any new changes.

*** NOTE: You CANNOT switch compliance mode from "Listener" to "Permissive" or "Strict" without at least one script classified. We recommend you classify as many scripts as possible before switching out of "Listener" mode for compliance's sake. ***


Cookies

Cookies can be categorized in the same way as scripts. Classification rules can be set for cookies as well. 

The cookies tab is broken up into 3 sections: Classified & Unclassified (Read Auto-Classification of Scripts and Cookies for more info.)

Once Cookies are discovered, you must classify them as one of the following: 

      • Essential
      • Analytics
      • Marketing
      • Personalization
      • Blocklist

osano-script-classification

In this section, you can also set your disclosures. Cookie Disclosures are used to disclose or list out cookies your website uses to the end-user so that they are aware of what is in use and why it is in use. In this section, you can manually add the following:

      • Category (tied to the script/cookie categories above)
      • Cookie Name
      • Cookie Provider
      • Expiration Date
      • Description of the Cookie

Once added, these disclosures will appear to the end-user on your webpage in the "drawer" under their associated categories. You are not required to include cookie disclosures, but it is recommended for both CCPA and GDPR.

It is important to note that, though Osano may identify 100% of your cookies, Osano’s cookie classification only affects cookies set through Javascript. Any other means of intercepting or blocking request headers can only be accomplished through browser extensions.


iFrames (Enterprise Only)

If this feature is enabled, Osano will discover and list iFrames in the same way it does cookies and scripts. Once discovered, iFrames can be classified and blocked in the same way. 

Once iFrames are discovered, you must classify them as one of the following: 

    • Essential
    • Analytics
    • Marketing
    • Personalization
    • Blocklist

Step 4: Customizing your Cookie Popup

Within the Consent Manager Configuration screen, you will find the "Customization" tab. The Customization tab allows you to tailor certain aspects of your Consent Manager's appearance.

From here, you can customize dialog type, placement, and coloration. You have the option to change the color styles of your consent management overlay by choosing one of the Osano pre-generated themes or by setting all colors individually.

Additional Customization Settings:

      • Show Policy Link in Drawer - this switch allows you to display a link to your privacy policy/cookie policy/data storage policy in your storage preferences as well as on the initial cookie popup. 
      • Notification Dialogue Timeout Duration (Slider) - some regional consent dialogues appear on a timer (ex. they appear for a set amount of time before disappearing). This option allows you to set how long the dialog persists on the page before disappearing. 

If there are specific customizations that you would like to employ on your consent manager overlay, you can do this using CSS. View all Osano CSS Classes.

Use the world map to see how your cookie popup (dialogue) and storage preferences (drawer) will look in different countries. 

osano-styling

(Note: Osano will geolocate the end-user and provide them with the cookie popup that is most compliant in their location. The language displayed will be determined by the end-users' browser preferences. Selecting a location on the map will show the popup style in that location and the most common language in that location.)   


Step 5: Publish your Configuration into an "Active" Mode to See the Cookie Popup on your Site

Once the above steps are complete, you can publish your configuration into an "active" mode. When active, the cookie popup will now appear on your site, and all managed scripts/cookies will be blocked or allowed based on their classifications and the consent of the end-user. 

  • Permissive Mode -  The consent dialog will appear on your website, and all uncategorized scripts will be identified and allowed regardless of consent given. All categorized scripts will be accepted or denied based on user selection. Compliance can be reached in Permissive Mode but is less certain and sustainable than Strict.
  • Strict Mode - The consent dialog will appear on your website, and all uncategorized scripts will be blocked until they have been classified. (Recommended - Most compliant)

We recommend starting in "Permissive" mode for a few days before moving into strict to ensure no new discoveries are found during that time. 


Interlude: Additional CMP Features

Consent Data (Business, Business+, Enterprise)

This section of Osano allows you to view a log of consents for a particular configuration. Using an Osano_UUID or a public IP address, you can search for a particular user's consent logs over a period of time. This data is hashed and anonymized. For more information on Consent Data, contact Osano support. 


Sitemap URLs (Enterprise Only)

Here you can add a sitemap XML for scanning. This scanning takes place monthly and can be used in advance of placing the osano.js on your website to identify script and cookie information. 

Click the (+) to add your sitemap URLs in the standard XML format (Osano does not support nested sitemaps). 

If your sitemap follows the standard sitemap formatting, these connected URLs will be scanned immediately and then monthly for unclassified cookies and scripts. (Example Format)


URL Scan (Enterprise Only)

Here you can see the URLs imported via your sitemap for this configuration OR add individual URLs to scan for scripts and cookies. When new URLs are added, they will be scanned immediately and will continue monthly while active. 

You can add, delete, and start/stop scans from this section. 

osano-url-scan


Versions (Enterprise Only)

Here you can see all of your current and past published versions of the Osano CMP script. 

osano-versioning

You can roll back to previous versions in the tab. Note that when you roll back, all rules, styling, and code is rolled back to the previous version as well.