The A record is a solution for tracking purposes using 1st party cookies. You need to combine A record with the CAID on-premise cookie to get the most out of it.

What is a A record?

A record (A for Address) is a DNS record type. It is a match between a domain and an IP address. It points the hostname to the IP address.

cs.example.com ⇒ IP Address : 36.283.49.384

How the A record creation process works

Since there is a link between the domain and the IP address, we need to have control over it. Otherwise, it would be very complicated for maintenance: we will have to ask customers to change their configuration each time we want to upgrade the platform.

We therefore ask customers to delegate part of their DNS to us. This means that we will be able to configure the corresponding IP address for the delegated domain.

The process is quite simple, on Administration / Domain Management interface, click on 'Add subdomain' to add a domain name that will be delegated. Select A record and select how to provide the certificate:

• Use Let's Encrypt certificate: with this method, the certificate will be automatically generated. Follow the steps on the interface, no action is required on your side.

• Use your own certificate: this will require to provide the following elements:

  - The SSL certificate(s) linked to the subdomain(s) entered above - The key of the certificate - The chain of the certificate If you need assistance, please contact the Commanders Act support team.

A record setup with Let's encrypt

Customers' DNS should be configured with A record information (ask your IT department).

Click on "Validate configuration" and this will test the DNS configuration.

Click then on "Generate certificates"

Click on "Test configuration" and the setup will be done.

A record setup with your own certificate

Customers' DNS should be configured with A record information (ask your IT department).

Provide the requested information: - The SSL certificate(s) linked to the subdomain(s) entered above - The key of the certificate - The chain of the certificate If you need assistance, please contact the Commanders Act support team.

Then click on "Validate configuration" and this will test the DNS configuration.

Test the configuration and the setup will be done.

Activate the domain

Click on "Containers Integration", this will allow the domain to be included in the container configuration.

All Commanders Act tags will switch to first party collection.

This action will affect Consent, Deduplication, Campaign, Segment, Server Side

What happens when I have 2 or more domains?

It prioritizes the domain of the website where the container is loaded. If no domain matches the domain of the website, the 1st in the list is used.

In the customer's DNS, the use of a CNAME pointing to a Commanders Act server allows to set cookie as a first party.

You need to combine CNAME with the CAID on-premise cookie to get the most out of it.

What is a CNAME?

A CNAME, or Canonical Name, is an entry within the Domain Name System (DNS) that specifies where someone can find your web pages. You'll use the CNAME to associate your custom domain with our products.

Running a domain name is a multi-sided process thanks to the many DNS management possibilities offered by web hosting providers. Most of the hosts today offer multiple options for control over your domain's DNS settings, among them being the CNAME Records.

How the CNAME creation process works

The customer should create a subdomain and setup CNAME entries to point to our server (and create as many subdomains as existing domains). Example:

client.com creates a subdomain XYZ.client.com pointing to Commanders Act server. From now on, our tags will now call XYZ.client.com instead of our 3rd party domain (commander1) and response will set a cookie on main domain .client.com which is allowed by main web browsers.

Then please indicate the subdomain on our platform: Admin / Domain Management.

The customer must decide if the SSL encryption on the new subdomain they created is done with ‘Let’s Encrypt’ or with their own certificate. In the former case, nothing to do; in the later case, follow the instruction on the domain management page.

Moreover, change on every tag the URL to specify the 1st party domain.

Activate the domain

Click on "Containers Integration", this will allow the domain to be included in the container configuration.

All Commanders Act tags will switch to first party collection.

This action will affect Consent, Deduplication, Campaign, Segment, Server Side

What happens when I have 2 or more domains?

It prioritizes the domain of the website where the container is loaded. If no domain matches the domain of the website, the 1st in the list is used.

Setup a reverse proxy DNS on a WAF like CloudFlare is an easy and reliable way for tracking purposes using 1st party cookies.

Contact your account manager for more details.

Setup

Create your WAF

1. In Cloudflare (or your WAF), declare the tracking domain to be used and point it to our infra (for ex. waf.myshop.com) and point it to the endpoint we've defined for the proxy:

ca-trk-proxy.commander1.com

2. On the DNS side, point your tracking domain (ex. waf.myshop.com) to Cloudflare (the CNAME is provided by cloudflare).

Declare it in Domain Management

1. Declare the domain Use our interface Domain Management to declare this domain and adjust the way Commanders Act collect the datas Administration > Domain Management

1. Activate the domain Turn ON the option "Containers Integration" will allow the domain to be included in the container configuration.

   All Commanders Act tags will switch to first party collection.

   This action will affect Consent, Deduplication, Campaign, Segment, Server Side

What happens when I have 2 or more domains?

It prioritizes the domain of the website where the container is loaded. If no domain matches the domain of the website, the 1st in the list is used.

Improve the way you collect data with Commanders Act by using a first party approach.

The Domain Management Interface is the key to optimize your data collection configuration.

What is a first-party cookie?

• First-party cookies are stored by the domain (website) you are visiting directly. They allow website owners to collect analytics data, remember language settings, and perform other useful functions that help provide a good user experience.

• Third-party cookies are created by domains other than the one you are visiting directly, hence the name third-party. They are used for cross-site tracking, rettargeting and ad-serving.

Until now all the data collected on a website was done mainly by tags, 3rd party tags, because the data is pushed to external servers (not owned by the brand but by some partners).

Major browsers, such as Safari or Google Chrome, decided to not allow anymore 3rd party cookies. That means they will block cookies not coming from the brand itself but coming from partners (such as Commanders Act). They will detect all data flux pushed to a domain not related to the brand (3rd party domains).

As a result, the workaround to continue to track and push data from websites to partners, is to use a domain owned by the brand, a first party domain. And the cookies should be set by this domain, this is what is called ‘1st party cookie’ because it seems to be generated by the brand itself and not from partners.

There is a technical setup to do to initialize this 1st party tracking (on the domain level first and then on the cookie level).

What setup has to be done?

5 methods are possible:

• : easy to setup if you have a WAF like CloudFlare. The recommended method

• combined with : still useful for Adblockers

• combined with : not the best solution anymore, but still useful for Adblockers

• : more technical but preferred by some IT team. As efficient as WAF proxy.

• or without setting : not recommended but still useful for Adblockers.

Our 1st party hosting feature helps ensure that ad blockers do not unfairly interrupt responsible data tracking. This is in line with privacy best practice and GDPR compliance. By configuring your CDN 1st party hosting, you'll be able to change the host of your Web Container(s) & Privacy banner(s). Are you looking for an additional approach to avoid the effects of ad blockers and keep tracking? You've come to the right place!

Configuration

Add your domain

Go on Administration > Domain Management

Look to the menu Domain Management for CDN 1st party

Click on "Add Subdomain"

Enter your subdomain name

Once saved, the new subdomain will be displayed in your list

Validate your configuration

Activation

As long as the domain isn't activated, your workspace will not be impacted by your configuration. Once activated, all your Web Container(s) & Privacy banner(s) will be hosted on the new subdomain(s)

Multiple Domains Management

Your configuration is using multiple work spaces? 1st party hosting allows you to share a subdomain between different sites IDs, as long as they belong to the same "invoicing account".

Instead of "Add subdomain", click on "Load subdomain"

Select in the drop down's menu the subdomain you need to use on your workspace.

A loaded domain is activated by default. If you want to stop it on your workspace, simply click the button "stop using this subdomain". The subdomain will remains activated on the site where it is configured.

Go live with CDN 1st

When your setup is done, the Deploy step of Web Containers & Privacy banners are now impacted. That means your files will now hosted on your new domain.

To ensure stability, re generate & re deploy all your Web Container(s), and Privacy banner(s)

The On-Premise Proxy is a feature that orchestrates the communication between your website/app and the Commanders Act platform. A proxy is a sort of intermediary, routing information back and forth between two points—in this case, your website or app and Commanders Act.

The On-Premise Proxy is designed to be installed by your IT team on your own servers. This allows for control and flexibility in managing the data flow between your system and Commanders Act.

For the installation and technical details, your DevOps team can refer to the technical documentation available at the following link:

Introduction

The CAID cookie: your VIP pass for a top level tracking visitors on your website! 🌐 Powered by Commanders Act, the CAID cookie, is your go-to for identifying and tracing a visitor's journey across different browsing sessions.

Its construction is essential, especially in the context of restrictions imposed by privacy and security policies such as ITP (Intelligent Tracking Prevention).

You must create it yourself, on your own server, in the case of "First Party" tracking via CNAME or A-Record, but it is not necessary if you use a proxy. In this documentation, you'll find all the information you need to build it.

Ready to elevate your tracking game and conquer the challenges? Dive in, and let's make your On-Premise CAID cookie the superhero of your website! 🚀

How to setup your cookie CAID?

When creating your CAID's cookie, apply the following requirements:

Cookie name

"CAID" (in uppercase)

Cookie structure recommendation

Contains 20 random characters

Preceded by the year the cookie was created

Lifetime

Creation and Deposit

Accessibility

Code snippets

Here are some examples of snippet code to create your On-Premise CAID cookie

Overview

Commanders Act supports SAML 2.0 based Single Sign-On authentication and authorization.

Setup

To setup Single Sign-On Commanders Act requires the metadata.xml of the IDP or following information:

• Single Sign-In Endpoint

• Single Sign-Out Endpoint

• EntityId of the IDP

• Public key of the IDP (X509 certificate)

Please contact a Commanders Act consultant to initiate the setup. You will then receive a namespace parameter <name> and the site id <id_site> used in following SAML Endpoints and SAML Attributes.

SAML Endpoints

Following you will find an overview of the SAML API endpoints used by Commanders Act.

ACS URL/Endpoint URL https://platform.commandersact.com/saml2-acs/<name>

Login URL https://platform.commandersact.com/saml/<name>

SP Entity ID/Partner's Realm commanders-act

SAML Attributes

Following SAML attributes are currently supported. It is required to send the email attribute.

FAQ

How long is the SAML session duration? 1440 seconds.

Which protocol is used for Single Sign-On? SAML 2.0

Introduction

The “Copy Management” user interface is available to administrators only, from the “Administration” menu:

It allows duplicating sites, containers, variables, deduplication settings and tags.

Copying a site

Follow these steps to copy an existing site and its contents:

1/ “Element to copy”: select “Site” from the drop down menu to duplicate a site.

2/ “Site to copy”: select the site you wish to duplicate.

3/ “Add several new sites based on the site to copy”: If you wish to copy the content of a given site to another one and only, select “No”. If you wish to copy that site’s content to more than one site, select “Yes”.

4/ “Site name”: enter the name(s) of your new site(s). The “+” and “–“icons allow adding or deleting sites.

5/ “Grant same rights to the same user(s) on the new site(s)”: If you wish to duplicate user access from one site to another click “Yes”, otherwise click “No” (should you click “No”, no one else but you will have access to the duplicated site).

6/Click the “COPY” button to validate your settings.

What elements are duplicated with the “Site Copy” feature?

The “Site Copy” feature duplicates the following elements and creates one or more new sites with the exact same settings as the source site:

• Commanders Act TMS:

  • Containers

  • Tags

  • Events

  • “Static JavaScript Code” and “Dynamic JavaScript code” files

  • Rules

  • Data layer (external, internal and event variables)

  • Deduplication settings

  • Privacy settings (if the module is activated)

• Commanders Act Campaign:

  • Attribution models

  • Segments

  • Excluded IPs

  • Channel identification

  • Dimensions (conversion/traffic)

  • Currencies

  • Costs

• Commanders Act Segments

  • Segments

  • Streams

• Cross-product options: connectors

The “Site Copy” feature does not duplicate these items:

• Commanders Act TMS:

  • Generated container versions

• Commanders Act Campaign:

  • Custom reports

  • Raw data

• Commanders Act Segment:

  • Raw data

Copying a container

Note: only administrators and technical users can copy sites

Follow these steps to copy an existing container and its contents:

1) – Click the “Admin” tab

2) – Click the “Copy Management” tab

3) – Select “Container” from the dropdown menu

4) – Select the site the container you want to duplicate belongs to

5) – Select the container to copy

6) – Select the site to host the duplicated container (among the sites you manage)

7) – Choose whether you want to create a new container or replace an existing container with the duplicate

8) – Name the copy

9) – Click “Copy”

Copying tags

Note: only administrators and technical users can copy tags

Follow these steps to copy tags from a given container:

1) – Click the “Admin” tab

2) – Click the “Copy Management” tab

3) – Select “Tag” from the drop down menu

4) -Select the site containing the tags you wish to copy

5) – Select the container the tags are in

6) – Select the tag(s) to copy

7) – Select the destination site

8) – Select the destination container

9) – Click the “+” button to add more destination sites and containers

10) – Click copy

Copying variables

Note: only administrators and technical users can copy variables

Follow these steps to copy existing variables:

1) – Click the “Admin” tab

2) – Click the “Copy Management” tab

3) – Select “Variables” from the drop down menu

4) – Select the site containing the variables you wish to copy

5) – Select the variables to copy

6) – You will see the number of selected variables

7) – Add the site in the drop down menu

8) – You can add more destination sites if needed

9) – Click “copy”

Copying tag librairies

Note: only administrators and technical users can copy tag librairies (to learn more about the libraries’ customization options, please click here)

Follow these steps to copy tag librairies:

1) – Click the “Admin” tab

2) – Click the “Copy Management” tab

3) – Select “Tags Library” from the dropdown menu

4) – Choose the site containing the tag whitelist to copy

5) – Select one or more destination sites

6) – Click “Copy”

Copying deduplication settings

Note: only administrators and technical users can copy deduplication settings

Follow these steps to copy existing deduplication rules:

1) – Click the “Admin” tab

2) – Click the “Copy Management” tab

3) – Select “Deduplication Configuration” from the dropdown menu

4) – Choose the site containing the deduplication configuration to copy

5) – Select on or more destination sites

6) – Click “Copy”

Copying rules

Follow these steps to copy rules from one container to another (or within the same container):

1) Click the “Admin” tab

2) Click the “Copy Management” tab

3) Select “Rules” from the drop down menu displaying all the possible elements to copy:

4) Select the site and the container you wish to copy rules from:

5) Select the rules you wish to duplicate from the “perimeter” or “constraint” sections:

6) Select the target site and container from the drop down menu:

7) Click copy

The 2FA authentication, for two-factor authentication, is a way to reinforce the security to access to the platform.

The goal is to provide a way to login on the platform and then receive an email with a unique token. By doing this, we have a double authentication with first the login/password and then the code received by email, it is a double security.

It has to be activated on the profile level (profile management), using the switch button on each profile you want to activate the option.

Once this option is activated, the platform will request an access token sent by email.

This token will be active for 30 days (on the same browser and IP), that means it will request a new one as soon as the token expire (or if you change your browser or IP).

On the login page, there is an option to login without the double authentication, if you do this you will be able to connect only to sites on which 2FA is not activated on your profile.

The “User Management” interface is available to administrators only, from the “Administration” menu.

Then click “User management”. This interface allows you to grant access or modify user access to the Commanders Act interface on your account(s).

Creating a new user

Note: only an administrator can create a new user.

Follow these steps to create a new user:

1/ Select the account(s) you wish to make changes to (you can start on step2 as well).

2/ Click the “Add / edit user(s)” button.

3/ Fill in all required information about the new user:

(A) The account(s) you wish to grant access to

(B) User Roles. You can choose between 7 built-in roles:

• Read only: Users can visualize all of the interface’s elements but do not have the possibility to perform any action.

• Marketing: This role was conceived for users that do not wish to interact with the advanced technical elements of the interface. “Marketing” rights do not allow a user to create or edit containers, or to modify tags’ JavaScript code.

• Technical: This role provides access to every feature within the interface, except for a few advanced options that are available to account administrators only (please refer to the “Administrator” role to know more).

• Custom: “Custom” rights provide access to very specific parts of the interface, depending on your needs. For more information please refer to the “Modifying/customizing user rights” article.

• Administrator: The Administrator has access to every feature in the user interface and can create new users as well. Advanced options are only made available for administrators: renaming containers, creating “commander1.com” subdomains, connector setup…

• Privacy manager: The Administrator for the privacy module only.

• Privacy technical: This role gives access to the privacy module's features except for the options section.

If you created custom roles in the “profile management” tab (please refer to the “Creating User Profiles” article) , they will also be available from the “Role” drop down menu.

Please note: If you select multiple sites (A), only user profiles shared by all these sites will be available from the “Role” drop down menus.

(C) User type. You can choose between 3 types of user types:

• End user: clients

• Technology partner of an end customer: tag editors

• Service provider of an end customer: agencies working for end users

(D) Language. Note: at present the interface is only available in English and French.

(E) User Email. If the user is already present in Commanders Act’s database, the email, name and surname fields will automatically be filled in. We do not recommend giving access to generic email addresses: it could affect tracking of user actions within the interface and jeopardize security in case employees leave your company.

(F) User name and surname.

(G) You can also add/change account settings by clicking the “+” button.

Modifying user rights

Note: Only an administrator has the possibility to modify/customize rights.

Follow these steps to modify user rights:

1/ Select a specific account from the drop down menu.

2/ Select the user(s) whose rights you wish to modify.

3/ Select “Change Role” from the drop down menu and click “Apply”.

Revoking access to the interface

Note: Only an administrator has the possibility to cut access to the interface.

Follow these steps to cut access to the interface:

1/ Select the account to perform this action on from the drop down menu.

2/ Select the user(s) you wish to revoke access to.

3/ Select “Revoke access” and click “Apply”.

Reset user passwords

Note: Only an administrator has the possibility to reset passwords.

Follow these steps to reset a password:

1/ Select the account to perform this action on from the drop down menu.

2/ Select the affected users.

3/ Select “Reset Password” from the drop down menu and click “Apply”.

Accessing users' information and seeing sites they have access to

Note: Only an administrator has the possibility to consult users’ information and the sites they have access to.

Follow these steps to see users’ information and the list of sites they have access to:

1 ) Click the selected user in the column to the left

2 ) See the user’s information in the “User information” column on the right: the email address that is used to log in, the type of access, the company they work for, name/surname, position, mobile phone number, language, date and time of last connection.

3 ) To see what sites the user has access to, click the “Site(s) Access” button:

4 ) To manage the sites a given user has access to, choose the action to take and then click the “Apply” button.

5 ) Click “See Roles Details” to see what every type of role grants access to.

Managing custom user profiles

User profiles let you create custom rights working for one or more interface users.

The profile creation interface is accessible by Administrators only, from the “Administration” menu

Creating a new profile:

To create a new profile, go to the “Administration” > “Profile management” section and click the “Add Profile” button:

1) Enter the profile’s name.

2) Select the default role from which you wish to create your custom profile (read only, technical, etc.).

3) Select the site(s) you wish to create the profile for from those available in the list.

4) If you wish to customize or limit access to certain containers, select the container’s name (only one at a time) from the list. Please note: if you select multiple sites this option will not be available.

5) If you wish to customize or limit access to certain tags, select the tag’s name (only one at a time) from the list. Please note: if you select multiple sites this option will not be available.

6) Select the product features you wish to add/revoke access to by clicking YES/NO.

7) By clicking Yes/No at the top of the columns, changes will impact all of the column’s items.

When saving, the profile will be created on all selected sites.

When the profile is created, you will be able to link it to all desired users from the “User management” interface. To learn more, please refer to these articles: “Creating a new user” or “Modifying user rights”.

Setup example for access only to Destinations and Live event inspector

To grant access only to Destinations and Live event inspector menu, simply turn all the options to NO, except in the "Data Activation" menu these 5 elements will be turned to YES:

• Read connector credentials

• Access to DataCommander

• Create audience destination

• Update audience destination

• Read audience destination

Modifying a profile:

To modify a profile, click the “pencil” icon from the column.

Please note: you cannot change default profiles (administrator, technical, marketing and read only), but you can see their settings.

You can make changes to all elements available when you created the profile, except the sites each profile is linked to. To copy a profile from one site to another, go to the “Copy Management” interface (please refer to the “Copying custom user profiles” article).

Please note: Changes made to a profile will affect all sites said profile was created for.

You can also activate the double factor authentication (2FA) on this section, please refer to Double factor authentication (2FA)

Denying access to a specific container or tag

To deny access to a specific container, go to the user management interface.

The user’s role needs to be the “CUSTOM” type (please refer to the “CREATING A NEW USER” article to learn how to give a custom-type role to new users; or to the “MODIFYING USER RIGHTS” article to learn how to change a role type to custom).

1) Click the pencil icon next to the profile name. The custom role configuration poppin appears.

2) Select the container you wish to deny access to.

3) Click “NO” in the upper, right-hand side of the screen to turn all buttons to “NO” and save; the selected user no longer has access to the current container’s settings.

A similar operation is required to prevent a user from having access to a specific tag. In the custom role configuration poppins, follow these steps :

1) Select the tag you wish to deny access to

2) Click “NO” in the upper, right-hand side of the screen to turn all buttons to “NO” and save; the selected user no longer has access to the current tag’s settings.

Modifying custom roles

Follow these steps to modify custom rights:

1/ Click the pencil icon next to “Custom”:

2/ Select the Commanders Act product you wish to revoke access to.

3) Select the container/tag you wish to revoke or grant access to.

4) Select the predefined role level to be used as starting point for customization (this is “Read Only” by default).

5) Finally, select the features you wish to customize rights for in the products’ feature list. Click “YES/NO”

6) Note: If you click Yes/No at the top of every column, the change will affect all features.

Deleting a profile:

To delete a profile, click the trash bin icon from the “Actions” column.

Please note: you cannot delete default profiles (administrator, technical, marketing and read only).

The profile will be deleted and place in the trash. Access of all users linked to this profile will automatically change into “Read only”.

You can restore profiles at anytime by clicking the two arrows from the trash bin (3).

You can also delete the profile permanently by clicking the trash bin (4). Please note: this profile deletion will affect all sites said profile was created for. Access of all users linked to this profile will automatically change into “Read only”.

Copying custom user profiles

Please note: only administrators can copy custom user profiles (to learn more about user profiles, please refer to the Managing Custom User Profiles section).

Follow these steps to copy a user profile:

1) – In the “Administration” section, click the “Copy Management” tab

2) – Select “User Profiles” from the drop down menu

3) – Select the site containing the profiles you wish to copy

4) – Select the custom profiles you wish to copy

Please note: if you have created profiles with specific settings by container or tags, they will not appear in the list of available profiles to copy.

5) – Select one or many target sites

6) – Click “Copy”