4.31 Consent Management
ZTrust Consent Management – Structured, versioned, and traceable consent lifecycle.
Introduction
The Consent Management in ZTrust provides organizations with a comprehensive framework for defining, managing, and tracking user consent across data processing activities, application access requests, and regulatory compliance workflows.
This module is designed to ensure that all consent records are version-controlled, auditable, and fully traceable. By maintaining a transparent and structured record of consent interactions, organizations can confidently meet the requirements of applicable data protection regulations.
All user responses to consent prompts, including both accepted and denied responses, are captured and retained for auditing and compliance purposes.
Key Capabilities
The ZTrust Consent Management module delivers the following core capabilities:
Consent Definition Management: Administrators are able to create and maintain consent definitions that are used across applications and integrated services within the ZTrust environment.
Consent Version Control: When a consent definition is updated, the system automatically generates a new version while preserving all prior versions. This ensures a reliable and unbroken historical record of consent changes.
Consent Archiving and Restoration: Consents that are no longer required for active use may be archived by administrators. Archived consents can be unarchived and reactivated whenever required.
User-Level Consent Response Tracking: The system records and stores each user's response to consent prompts, capturing both accepted and denied decisions for every applicable consent definition.
Version-Specific Consent Recording: Each recorded user response is linked to the precise version of the consent definition that was presented at the time of the interaction, ensuring the integrity and accuracy of historical consent records.
The following sections outline the complete lifecycle of consent management in ZTrust, including consent creation, version management, archiving, and user consent responses.
1. Enable Consent Management in ZTrust
This section explains how administrators can access and configure Consent Management (CM) for an application in the ZTrust Admin Console.
Log in to the ZTrust Admin Console
Open the ZTrust Admin Console in your browser and log in using your administrator credentials.
Select the Desired Realm. After logging in:
Click on Manage Realm.
Select the realm where you want to configure Consent Management.
Navigate to the Clients Section
From the left-side navigation panel: Click on Clients.
A list of applications (clients) configured in the selected realm will be displayed.
Select the client/application where you want to enable or configure Consent Management.
Open the Consent Management (CM) Tab, Within the selected client.
Navigate to the Consent Management (CM) tab.
This section allows administrators to configure and manage consent definitions for the selected application.
2. Consent Management Screen Overview
Once Consent Management is enabled for the selected client, the Consent Management dashboard will be displayed. This screen allows administrators to view, search, create, and manage consents.
The following sections explain the key components available on this screen.
Default Consent ZTrust provides default consent templates that are available when Consent Management is enabled.
These consents serve as base consent definitions and cannot be modified directly. If an administrator edits a default consent, the system automatically creates a new version of that consent while preserving the original definition.
Search Option The Search feature allows administrators to quickly locate specific consent definitions.
Administrators can search using:
Consent name
Consent ID
This helps administrators efficiently manage consents when the list becomes large.
Add New Consent The Add New Consent option allows administrators to create a new consent definition.
When creating a new consent, administrators can define:
Consent name
Consent description or text
Applicable configuration settings
Once created, the consent becomes available for version management and activation.
Archived Consents The Archived Consents option allows administrators to view consents that have been archived.
Archived consents:
Are not presented to users for new consent collection
Remain stored in the system
Preserve all historical user responses
Administrators can unarchive a consent if it needs to be used again.
3. Creating New Consent
Administrators can create a new consent definition from the Consent Management dashboard. Step 1: Click on Add New Consent
Click the Add New Consent button to start creating a new consent.
A text editor window will open where you can:
Enter the consent text manually, or
Upload a PDF file containing the consent document.
Step 2: Provide Consent Details
Enter the required consent information:
Consent Name – Provide a unique name for the consent.
Consent Type – Select whether the consent is:
Mandatory – The user must accept the consent to proceed.
Optional – The user may choose whether to accept or decline the consent.
Step 3: Confirm Consent Creation After entering the required details:
Click Save or Create Consent.
A confirmation popup will appear asking you to confirm the creation of the consent.
Click Yes to proceed.
Once confirmed, the new consent will be created and added to the consent list.
4. Updating an Existing Consent
Administrators can update an existing consent when changes are required to the consent text or configuration. Updating a consent will create a new version of the consent, while preserving the previous version.
Step 1: Select the Consent
From the Consent Management dashboard, select the consent that you want to update.
For example, in this case we are selecting the consent C102 to update its details.
Step 2: Enable Edit Mode
After selecting the consent, click on the Enable toggle button to activate edit mode.
Enabling this toggle allows you to modify the consent details, such as the consent name, text, or configuration settings.
Step 3: Modify the Consent
Once edit mode is enabled, you can update the consent details using the consent editor.
Administrators can modify the following fields:
Consent Name Update the consent name if required. The name must remain unique within the system.
Consent Text or Document Edit the consent text directly in the editor or upload an updated PDF document.
Consent Type Select the consent type:
Mandatory – Users must accept the consent to proceed.
Optional – Users may choose to accept or decline the consent.
Step 4: Save the Changes
After making the required updates to the consent:
Click Save.
A confirmation popup will appear asking you to confirm the update.
Click Confirm to proceed.
Once confirmed, the system will create a new version of the consent while preserving the existing version.
Result: New Consent Version Created For example, in this case we edited the consent C102. After confirming the update, the system created a new consent version named C103.
This demonstrates that updating a consent does not overwrite the original consent. Instead, the system automatically creates a new consent version while preserving the previous one.
For the newly created consent C103, the field "Inherited From" displays C102, indicating the parent–child relationship between the two consents:
C102 → Parent Consent
C103 → Child Consent (New Version)
This confirms that ZTrust implements a parent–child hierarchy for consent versions, allowing administrators to track the history and evolution of each consent definition.
5. Archiving a Consent
Administrators can archive a consent when it is no longer required for active use.
Step 1: Click the Archive Button
From the Consent Management dashboard, select the consent you want to archive (for example, C102) and click the Archive button.
Step 2: Confirm the Archive Action
After clicking the Archive button, a confirmation popup will appear asking you to confirm the action.
Click Confirm to proceed with archiving the consent.
Result : Once confirmed, the selected consent will be archived.
Archived consents:
Are no longer active for new consent usage
Remain stored in the system
Preserve all historical records and user responses
6. Unarchiving a Consent
If an archived consent needs to be used again, administrators can restore it by using the Unarchive option. Unarchiving a consent makes it available again for consent management and activation. Step 1: Open the Archived Consents List
Navigate to the Archived Consents section from the Consent Management dashboard.
This section displays all consents that have been previously archived.
Step 2: Viewing Archived Consent Details
From the Archived Consents list, administrators can view the details of an archived consent by clicking the View option.
This allows administrators to review the consent content and associated details.
However, archived consents have the following restrictions:
Archived consents cannot be edited.
Archived consents cannot be deleted.
They are maintained in the system for historical reference and record tracking.
Step 3: Unarchive the Consent
To restore an archived consent:
Click the Unarchive button associated with the consent.
A confirmation popup will appear asking you to confirm the action.
Click Confirm to proceed.
Once confirmed, the consent will be successfully unarchived and moved back to the active consent list.
Note: Archived consents are preserved to maintain historical records and ensure the integrity of consent version tracking. They remain accessible for reference but cannot be modified or removed from the system.
Tip: If a consent needs to be used again, administrators can restore it by using the Unarchive option.
7. Activating a Consent for an Application
Once a consent is created, administrators must activate it for the application so that it can be presented to users.
In this example, we will activate the consent C103.
Step 1: Activate the Consent
From the Consent Management dashboard, locate the consent C103 in the consent list.
Click the toggle button in the Active column. If the toggle is currently inactive, enabling it will start the activation process.
Step 2: Select the Consent Type
After enabling the toggle, a popup window will appear asking you to select the consent type.
You can choose one of the following options:
Mandatory – Users must accept the consent to proceed with the application.
Optional – Users may choose whether to accept or decline the consent.
For this example, select Mandatory.
Step 3: Save the Configuration
Step 4: After selecting the consent type, click Save.
Step 5: Once saved, the consent C103 will be successfully activated for the application.
Result : The consent C103 is now active for the application. When users access the application, they will be presented with the consent prompt and will need to provide their response.
8. User Consent Prompt
Once a consent is activated for an application, users will be prompted to provide their consent when they log in or register for that application.
During the authentication process, the user will be presented with a consent screen displaying the consent content.
The user must review the consent and provide a response before proceeding.
If the consent type is Mandatory, the user must accept the consent to continue and complete the login process.
If the consent type is Optional, the user may choose to accept or decline the consent.
Below is an example of the consent prompt displayed on the login screen.
Result : Once the user submits their response:
The consent response is recorded in the system.
The user is then allowed to continue with the login process.
9. User Consent Response Tracking
When a user is presented with a consent during login or registration, they must review the consent and provide a response.
Once the user submits their response, ZTrust records the consent interaction and stores the response against the user account. After accepting the consent, the authentication process continues normally.
For every consent interaction, ZTrust captures and stores the following information:
User Information – The user who provided the consent response
Application / Client – The application where the consent was requested
Consent ID – The unique identifier of the consent (for example, C103)
Consent Name – The name of the consent definition
Consent Version – The specific version of the consent presented to the user
Response Status – Whether the user Accepted or Denied the consent
IP Address – The IP address from which the consent was submitted
Operating System – The user's device operating system
Browser – The browser used during the interaction
Geo Location – The detected geographic location of the user
Timestamp – The date and time when the consent response was recorded
By storing this information, ZTrust maintains a complete and traceable record of user consent activity, ensuring that each consent response is linked to the exact consent version presented to the user at the time of interaction.
Conclusion
The ZTrust Consent Management module provides a structured framework for defining, managing, and tracking user consent across applications and services.
With capabilities such as consent creation, version control, parent–child hierarchy, archiving, activation, and user response tracking, administrators can manage consent definitions efficiently while preserving a complete history of consent changes.
ZTrust records each user response along with contextual information such as consent version, application, timestamp, device details, and location, ensuring that every consent interaction is fully traceable.
By maintaining historical consent versions and linking each user response to the specific version presented at the time of interaction, ZTrust enables organizations to manage consent in a transparent, controlled, and accountable manner.
This approach ensures that consent interactions are consistently managed and accurately tracked throughout the application lifecycle.
Last updated