To configure ESP steering groups, follow the steps below in the LoadMaster Web User Interface (WUI). ESP SSO Domain settings must already be configured on the LoadMaster for this to function properly. See the ESP, Feature Description for details on configuring SSO Domains

  1. In the main menu, go to Virtual Services > View/Modify Services.

  2. Click Modify on the relevant Virtual Service.
  3. Expand the ESP Options section and check the Enable ESP check box.

  4. Select the appropriate Client Authentication Mode (steering groups are not available when using Basic Authentication, SAML, or OIDC / OAUTH authentication).
  5. Enter the Active Directory group names which contain members that are allowed to access the service in the Permitted Groups field and click the Set Permitted Groups button.
  6. Enter the Active Directory group names that will be used for steering traffic in the Steering Groups field and click the Set Steering Groups button.
    Note: Use a semi-colon to separate multiple group names.
    Note: The steering group index number will correspond to the location of the group in this list. In the example above - Group1 has an index of 1 and Group2 has an index of 2.
    Note: Do not enter the same group name in both the Permitted Groups and Steering Groups fields. This causes a conflict. When you specify a steering group, it is assumed to behave like a permitted group, so you do not need to enter the same group in both the Permitted Groups and Steering Groups fields.
  7. Enable or disable the Include Nested Groups option.
    Note: This field relates to the Permitted Groups setting. Enable this option to include nested groups in the authentication attempt. If this option is disabled, only users in the top-level group will be granted access. If this option is enabled, users in both the top-level and first sub-level group will be granted access.
  8. Configure any other settings as needed.