Set up OneTrust to obtain user consent

Learn more about how to Set up your consent banner with a consent management platform or a content management system.

Step 1: Set up a consent banner

Scan a website

1. Sign up for a OneTrust account.
2. Scan your website to determine which cookies are being dropped. This is done from the Websites screen.

Categorize cookies

3. From the “Categorizations” screen, categorize the cookies based on their function. The category a cookie is put in will determine how it’s handled, so make sure that Google cookies are categorized according to your company’s requirements.

Create website templates

4. After you’ve categorized the cookies on your site, navigate to the “Templates” screen and create a template for “Cookie Banner”, “Preference Center”, and “Cookie List”. There are pre-configured templates to support compliance for the various consent frameworks. Choose the template that fits your compliance needs.

Create and assign Geolocation Rule Groups

5. After you’ve created a “Template”, navigate to the “Geolocation Rules” screen and use that template to create a “Geolocation Rules Group''. These settings will allow you to comply with consent requirements based on region, country, or state.
6. After you have defined your Geolocation Rules Group, assign it to your “Domains''.
7. Confirm whether the banner should be opt-in or opt-out in each region you configure, and double check that consent mode is turned on in the region(s) where you intend to use it, with appropriate purposes assigned to each of the available consent types.

Step 2: Set up consent mode

Set up using Google Tag Manager

1. Open Google Tag Manager and navigate to your container.
2. In “Tags”, click New and name your tag.
3. Click Tag Configuration, then click Discover more tag types in the Community Template Gallery. From the gallery, search for “OneTrust” and install “OneTrust CMP” by OneTrustCMP.
4. In OneTrust Cookie Consent, go to Integrations, then select Scripts and select your website from the list.
5. Go to Production Scripts, and copy the ID from the first code box. From the code box, copy the bolded portion below. Your code will differ from the example provided.
   https://cdn.cookielaw.org/consent/1edbd598-c92a-49e7-ad81-d9a3b1f9ef60/OtAutoBlock.js 
6. Navigate back to Tag Manager and paste your ID into the Data Domain Script box.
7. Toggle “Do you want to use Google Consent Mode?” to “Yes”.
8. Click Add GCM Category one time for each of the following values, then set the default consent you would like to use globally (including in places without privacy regulations).
   • ad_storage
   • analytics_storage
   • ad_user_data
   • Ad_personalization
9. For alternative settings, such as defaulting consent to denied in some locations, click Add Region-specific default. Select the default settings you want for each of the listed consent types. In the first box, add the list of countries these defaults should apply to, using codes from the ISO standard list. You can review a list of European countries in the EU and EEA.
10. Click Add, then click Triggering.
11. Select “Consent Initialization - All Pages”, then click Save.
12. Click Preview in the top right corner to test your container. View instructions for testing below.
13. Publish your container.

Set up using another platform or directly from your website’s code

1. From OneTrust, choose your website from the “Integrations” section and select Scripts.
2. Copy the code from the first text box in Production Scripts.
3. If you use a website builder, review their documentation to find out how to implement code in the “head tag” of each page. Otherwise, skip to step 4.
4. In the <head> tag of each page (review the instructions above if you use a website builder), paste the following code, followed by the CMP script you copied earlier at the very top of the <head> tag. Note that this step is critical in order to ensure the CMP functions properly.

5. Publish your site.