Vendor list-GDPR | Vendor list-U.S. Privacy | Regulation Settings - USNat

Authenticated consent allows your organization to share an end-user's consent preferences across their different authenticated (i.e. logged-in) devices and deliver an improved end-user experience on your platform (since the end-user does not have to re-consent for each device). In this article, we provide an overview of how Sourcepoint retains an end-user's consent preferences and pushes this preference to the end-user's other authenticated devices, and how to enable authenticated consent for your organization.

Consent identifier

Authenticated consent utilizes a consent identifier to link an end-user's consent preferences to an authenticated (i.e. logged-in) user profile. Using the consent identifier, Sourcepoint will persist the consent preferences for the end-user in other properties in your configuration.

The consent identifier is passed into your Sourcepoint account via an authId implemented on a page or mobile app. Typically, this consent identifier is a username, userID, or any other unique key that your organization uses to identify a specific user.

  Note: Your organization can use the optional authCookie parameter in your implementation to set a unique name for your authId. See Sourcepoint's implementation documentation on optional client configuration parameters for more information.

Additionally, if your organization uses email address as a unique key for an end-user, you will want to use a hashed email to protect the end-user's personal information.

In the diagram below, we illustrate the data flow between an authenticated end-user interacting with your properties across three devices.


When your consent management portal (CMP) is called on one your properties, Sourcepoint will check whether the authId (consent identifier) has an associated consent preference.

Consent preferences Action
authId has consent preferences Your CMP will not ask for the end-user's consent preferences.
authId does not have consent preferences Sourcepoint will load your pre-determined scenario and save any consent preferences to the authId in our database for the next time the authId is called


The following requirements must be met In order to successfully utilize authenticated consent between properties:

  • Properties using authenticated consent must use the same vendor list
  • The consent scope for the vendor list should be set to Shared site (see below)

  Note: For GDPR TCF, GDPR Standard, and/or U.S. Multi-State Privacy vendor lists, consent scope can be set directly from the vendor list builder.

For U.S. Privacy (Legacy) vendor lists, you will need to contact your Sourcepoint representative to have this setting enabled in the back-end.


Implement authenticated consent

In this section, we will cover how to implement authenticated consent on web properties.

  Note: Please follow the links before for more information on how to implement authenticated consent for iOS and Android:

To implement authenticated consent on a web page, you can either pass the consent identifier via the authId or authCookie parameter in your implementation code or via a cookie written directly on the page.

authId parameter On-page cookie authCookie parameter

Here the authId can be set directly in the config section of your organization's CMP as shown in this example:

window._sp_queue = [];
window._sp_ = {
   config: {
      accountId: 1584,
      baseEndpoint: '',
      ccpa: { },
      gdpr: { },
      authId: 123456,
      events: {
         onMessageReady: function() {},
         onMessageChoiceSelect: function() {},
         onPrivacyManagerAction: function() {},
         onMessageChoiceError: function() {},
         onConsentReady: function() {},
         onPMCancel: function() {},
         onMessageReceiveData: function() {},
         onSPPMObjectReady: function() {},
         onError: function() {}
Was this article helpful?
0 out of 0 found this helpful



Article is closed for comments.