OneTrust Consent Management

This page describes one possible method of integrating Send2CRM configuration with consent settings from the OneTrust Consent Management Platform (CMP).

OneTrust script

The OneTrust SDK script should be installed and configured on the website. You will have a script similar to below in your page output.

<script src="https://cdn.cookielaw.org/scripttemplates/otSDKStub.js" data-document-language="true" type="text/javascript" charset="UTF-8" data-domain-script="XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"></script>

This should make the window.OneTrust object available to subsequent scripts.

Service sync

If a website visitor has been previously identified, there may be recorded behavior in place outside of the current web browser session. Create a form mapping that can be called programmatically to update a field on the visitor-related object, or possibly create a new related audit record.

Create a Flow or trigger to update the send2crm__Ignore__c checkbox field on the corresponding visitor object. More information.

This mapping is used in the script below where visitors have been previously identified.

Consent changes

We will store the user’s consent as it applies to Send2CRM in a custom configuration setting in local storage. We only need to store this when it changes, as indicated by the OnConsentChanged callback provided by the OneTrust SDK - this includes the initial choice. Alternatively the OptAnonWrapper callback could be used.

This script must be added after the OneTrust SDK (above), and after the Send2CRM snippet.

// Name of the local storage variable we'll use to store settings.
const CONSENT_VARNAME = 'send2crm_consent';
// Form ID for propagating consent settings to service, matches the mapping above.
const CONSENT_FORMID = 'CONSENT_NOTIFY';

// Sanity checks to ensure the required objects are present.
// Note if localStorage is not available then Send2CRM won't be recording behavior.
if (window.send2crm && window.OneTrust && window.localStorage) {
  
  // The consent required to enable visitor behavior tracking.
  // Varies based on OneTrust configuration.
  const CONSENT_BEHAVIOR_TRACKING = 'C0002';
  // You may choose to define multiple consents for different functionality,
  //   or just use one for everything.
  
  OneTrust.OnConsentChanged(async function(evt) {
    // The OneTrust event detail should be an array of strings indicating consent approval.
    var consentData = {
      isIgnoreVisitor: !evt.detail.includes(CONSENT_BEHAVIOR_TRACKING),
      // e.g.:
      //isUtmCookie: evt.detail.includes(CONSENT_UTM_COOKIE),
      //isPersonalizationCookie: evt.detail.includes(CONSENT_PERSONALIZATION_COOKIE),
    };
    
    // Save to local storage.
    localStorage.setItem(CONSENT_VARNAME, JSON.stringify(consentData));

    const visitor = send2crm.analytics?.visitor;
    if (visitor && consentData.isIgnoreVisitor !== visitor.isIgnored) {
      // Make local update immediately.
      visitor.isIgnored = consentData.isIgnoreVisitor;
      visitor.changed();
    
      if (visitor.isIdentified()) {
        // Visitor is identified and ignore status is changed.
        // Notify service via form submission, use the same data.
        // This will record the choice at the service and ensure it propagates
        //  to other devices and websites. May also trigger further processing.
        await send2crm.forms.send(CONSENT_FORMID, consentData);
      }
    }
  });
}

It is also possible to reference the global OnetrustActiveGroups variable at other times to determine the currently selected categories. However saving the values to local storage guarantees that the OneTrust data is available at Send2CRM load time.

Cookie settings

Use the consent settings saved to local storage to apply cookie settings via the normal website client configuration process.

Ideally a change in consent settings should always be accompanied by a page reload, to ensure that Send2CRM is correctly initialized; if not then updated settings may not take effect until the next page load.

// Get consent settings from local storage, if they exist.
// Otherwise set defaults.
var consentData = JSON.parse(window.localStorage?.getItem(CONSENT_VARNAME)) || {
  isUtmCookie: false,
  isPersonalizationCookie: false,
};

window.addEventListener('send2crmLoading', (evt) => {
  // Apply current settings based on stored consent data (or defaults).
  send2crm.applySettings({
    utmCookie: consentData.isUtmCookie,
    personalizationCookie: consentData.isPersonalizationCookie,

    // This setting affects how the visitor ignore is implemented.
    //ignoreBehavior: 'R',
  });
});

This step is not required if you don’t use any of the Send2CRM cookies, they are disabled by default.