Skip to main content
Guide to Connect Azure SQL:
  1. Create a dedicated read-only user for Go Fig to limit permissions and improve security. (Recommended)
  2. Whitelist GoFig.ai’s IP address in your Azure SQL firewall rules: 104.196.71.57
  3. Collect the following details:
  • Azure SQL server name (e.g., myserver.database.windows.net)
  • Database name
  • Username and password with read permissions
  • Port number (default: 1433)
For security, create a dedicated Go Fig user with read-only access: 
-- Create login at server level (master database)
USE master;
CREATE LOGIN gofig_user WITH PASSWORD = 'StrongPassword123!';

-- Create user in your database
USE your_database;
CREATE USER gofig_user FOR LOGIN gofig_user;

-- Grant read-only access to all tables
ALTER ROLE db_datareader ADD MEMBER gofig_user;

-- Optional: Grant access to specific schemas only
-- GRANT SELECT ON SCHEMA::dbo TO gofig_user;
-- GRANT SELECT ON SCHEMA::sales TO gofig_user;
Why This Matters:
  • Principle of Least Privilege: Go Fig only gets read access, never write
  • Audit Trail: Separate user makes it easy to track Go Fig queries
  • Security: Limits blast radius if credentials are compromised
Set a strong password and store it securely. Never use your admin credentials for database connection.
Finding Connection Details: In Azure Portal → SQL database → Connection strings to find your server name, database name, and port.

2) Whitelist GoFig.ai’s IP address in your Azure SQL firewall

Azure SQL firewalls block all external connections by default. Configure your firewall to allow Go Fig:
Add Go Fig IP Address to Firewall:
  1. In Azure Portal, go to your SQL server (not database) → SecurityNetworking
  2. Under Firewall rules, click + Add a firewall rule
  3. Add the Go Fig IP address:
    • Rule name: GoFig
    • Start IP: 104.196.71.57
    • End IP: 104.196.71.57
  4. Click Save at the top to apply firewall rules
[SCREENSHOT: Azure Portal firewall rules page with Go Fig IP added]
Firewall rules are set at the SQL server level and apply to all databases on that server.

3) Connect Go Fig to Azure SQL

1

Add Azure SQL connection

Navigate to your Organization Data page and click + Add data. Select Azure SQL from the list of database connections.[SCREENSHOT: Organization Data page with “Add data” button and Azure SQL option in connection list]
2

Enter connection details

Fill in your Azure SQL connection information:
  • Server Name: Your Azure SQL server (e.g., myserver.database.windows.net)
  • Database Name: The specific database to connect to
  • Username: Database user with read permissions
  • Password: User’s password
  • Port (Optional): Default is 1433
  • SSL Mode: require (recommended) or disable
For production databases, always use SSL Mode “require” to encrypt data in transit.
3

Connect to Azure SQL

Click Connect to Azure SQL to complete the setup. Go Fig will verify the connection, encrypt and store your credentials securely.[SCREENSHOT: “Connect to Azure SQL” button]

Security Best Practices

Go Fig Security Features

  • Encrypted Credentials: Go Fig encrypts all connection credentials at rest
  • SSL/TLS Encryption: All data in transit uses SSL/TLS encryption
  • Credential Protection: Credentials are never logged or displayed in plain text
  • Role-Based Access Control: COMING SOON - Granular permissions for connection management
Use read-only user: Never connect with a user that has write permissions.
Use db_datareader role: Grant only db_datareader role or SELECT permissions on specific schemas.
Enable SSL: Always use SSL Mode “require” for production databases.
IP whitelisting: Use explicit firewall rules for Go Fig IP rather than allowing all Azure services.
Rotate credentials regularly: Change passwords every 90 days and update in Go Fig settings.
Monitor query activity: Review Query History in Go Fig and Azure SQL audit logs.
Schema isolation: Grant access only to specific schemas needed, not all schemas.
Never use admin credentials: Create a dedicated user with minimal necessary permissions.