iFraming SureLC within a Website

Anatole T.


Many SuranceBay clients embed SureLC within an iFrame on one or more websites that they control or grant access to. SuranceBay supports this, but it's important to maintain appropriate security measures across browsers to provide a seamless experience for your producers.

NOTE: The following information is only pertinent if you embed SureLC within an iFrame. Stop reading if you're not using SureLC within an iFrame.



Any destination URL that you are using to load the iFrame of SureLC must be listed in the X-Frame URL list, found on the Security tab in your Agency Settings. If you do not see the URL there, type it in and select the Add button. Each URL must be part of an HTTPS-secured parent domain, or the iFrame feature will not work.



Using Single Sign On (SSO)?

  1. Review our documentation related to SSO and verify that your agency is following these published guidelines.
  2. Google Chrome is the preferred browser (no known issues). Producers who use Firefox or Internet Explorer may experience problems accessing SureLC within an iFrame unless you do the following:
  • Add the SSO parameter xframeUrl=WEBSITE_URL to the destination URL.

e.g. https://surelc.surancebay.com/sbweb/login.jsp?xframeUrl=https://www.DOMAINADDRESS.com


Not using Single Sign On (SSO)?

  1. All SuranceBay clients subscribed to SureLC are provided their own dedicated SureLC URL. For example, https://surelc.surancebay.com/sbweb/agency/1 is SuranceBay's internal dedicated URL (not for external use). Your agency has a different URL that ends with a number other than "1".
  2. When embedding SureLC within an iFrame without using SSO, update the destination iFrame URL as follows so that it works correctly with Internet Explorer and Firefox:


  • For example: https://surelc.surancebay.com/sbweb/login.jsp?gaId=[YOUR AGENCY'S # GOES HERE]&xframeUrl=WEBSITE_URL



  • Effective 12/1/2015, SuranceBay requires that the "parent" domain be HTTPS:// secured to embed SureLC within an iFrame. This means that the website domains you use to embed SureLC must be secured (HTTPS://), as we will not allow SureLC to be embedded on an HTTP:// site.
  • If your agency uses SureLC within an iFrame on a website domain that differs from your primary domain, you must inform SuranceBay so that we can whitelist the domain. Otherwise, it won't work.
  • Contact us with any questions at support@surancebay.com or 877-264-6888.
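
The requirements above, as an added example (not SuranceBay code): a JavaScript helper that builds the iFrame destination URL in both the SSO and non-SSO forms and refuses a parent page that is not HTTPS or is not among the URLs you registered on the Security tab. The function names, the registeredParents array (your own copy of the X-Frame URL list), the sample agency number 12345 and the choice to pass only the site origin as xframeUrl are assumptions.

```javascript
// Added example. buildSureLcFrameUrl, parentOrigin and registeredParents are
// hypothetical names; only the login.jsp URL and the gaId / xframeUrl
// parameters come from the article.
const SURELC_LOGIN = "https://surelc.surancebay.com/sbweb/login.jsp";

// Reduce a parent page URL to its origin and enforce the HTTPS requirement.
function parentOrigin(parentUrl) {
  let u;
  try {
    u = new URL(parentUrl);
  } catch {
    throw new Error(`not a valid URL: ${parentUrl}`);
  }
  if (u.protocol !== "https:") {
    throw new Error(`parent page must be HTTPS: ${parentUrl}`);
  }
  if (u.username || u.password) {
    throw new Error("parent URL must not carry credentials");
  }
  // Scheme + host (+ non-default port). An origin contains no '&', '#' or
  // '?', so it can be placed in the query string as the article shows it.
  return u.origin;
}

// agencyId omitted  -> SSO form:      login.jsp?xframeUrl=...
// agencyId provided -> non-SSO form:  login.jsp?gaId=...&xframeUrl=...
function buildSureLcFrameUrl({ parentUrl, agencyId, registeredParents }) {
  const origin = parentOrigin(parentUrl);
  // Assumption: registeredParents mirrors the X-Frame URL list you entered
  // on the Security tab; an HTTP entry in it is rejected as well.
  const registered = new Set(registeredParents.map((p) => parentOrigin(p)));
  if (!registered.has(origin)) {
    throw new Error(`${origin} is not in the X-Frame URL list`);
  }
  const params = [];
  if (agencyId !== undefined) {
    if (!/^[0-9]+$/.test(String(agencyId))) {
      throw new Error("agency number must be digits only");
    }
    params.push(`gaId=${agencyId}`);
  }
  params.push(`xframeUrl=${origin}`);
  return `${SURELC_LOGIN}?${params.join("&")}`;
}
```

Use the returned string as the src of the iframe element on the parent page; a thrown error means the parent page would not meet the requirements listed above.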


