Skip to content

Connecting Tursio

Tursio can be deployed on the cloud, on-premises, or in hybrid mode. In all cases, Tursio needs access to data and LLMs. This page describes how to set up these connections.

Data Agent

A dedicated gateway establishes a secure connection between the customer and Tursio, ensuring that only authorized traffic is routed through this channel and preventing access by unauthorized users or external operations.

The data agent is deployed in the customer's environment for on-premises and hybrid deployments, and in the Tursio environment for cloud deployments. Once configured, the data agent appears under the Agents tab on the Settings page, as shown below:

Screenshot

AI Agent

Tursio supports managed LLMs for immediate use across all three deployment modes.

Users can also bring their own keys (BYOK) for privacy. Tursio currently supports BYOK for Azure OpenAI. Users can integrate their Azure OpenAI subscription by providing custom credentials (Base URL, API key, and model details).

This flexibility allows:

  • Using default supported models directly.
  • Adding and managing customer-specific GPT models as needed.

Configure

To use custom credentials, add a model configuration.

Screenshot

The Models page provides three actions represented by icons: Add, Edit, and Delete.

Add Model

Refer to the Azure OpenAI section for setup instructions.

When adding a model, provide the following details:

  • Base URL
  • API Key
  • Models (select from the supported dropdown options)

Supported Models:

  • gpt-4.1 [Required]
  • o3-mini [Required]
  • text-embedding-ada-002 [Required]
  • gpt-4o

Each added model also requires:

  • Display Name — the deployment name of the model
  • API Version — the version of the model API to use

Edit Model

When editing an existing model configuration, the following rules apply:

  • Base URL — cannot be modified once the model has been created.
  • API Key — can be updated at any time.
  • Models — can be edited or updated.

This ensures that the core endpoint (Base URL) remains consistent while allowing flexibility to rotate credentials (API Key) or adjust the model list as needed.

Fallback

If customer-provided credentials are unavailable or invalid, the system automatically reverts to Tursio's default key. This fallback ensures:

  • Continuous access to supported models without interruption.
  • Seamless query execution even when customer credentials fail.
  • A reliable default configuration for all mandatory models.

Auth Agent

Tursio supports Microsoft Entra ID sign-in for on-premises deployments on Docker (single container, HTTPS) and AKS (single pod, HTTPS). Admins can configure their Entra App credentials (Client ID, Client Secret, Authorization URL, Redirect URI) to enable Login with Microsoft.

Prerequisite

Set the following environment variable during deployment: ENABLE_AUTH_AGENT=true

If not set, the Authorization Agent UI will not appear and the Login with Microsoft button will be hidden.

Register Entra App

Create the app registration

  • Sign in to the Azure Portal and search for App registrations in the search bar.
  • Click + New registration (or "Register an application").
  • Fill in the registration form as shown in the screenshot.
  • Click Register.

Screenshot

Upon successful registration, the app's Essentials section displays the Application (client) ID. Copy this value — it is needed for the portal authorization agent configuration.

Screenshot

Create a client secret

  • In the app registration, go to Certificates & secrets → Client secrets.
  • Click + New client secret.
  • Provide a description, for example "internal-common-secret".
  • Choose a rotation period (e.g., 6–12 months per your policy). Record the expiry date and rotate the secret before it expires.
  • Click Add.
  • Important: Copy the Secret Value immediately — it is shown only once after creation. Store it securely (Key Vault, secret manager, or password manager). If lost or expired, create a new secret and update the portal authorization agent configuration.

Screenshot

Screenshot

Screenshot

Configure Agent

Step 1: Open Settings

  • Navigate to the Agents tab and find the Authorization Agent section.
  • Click the Add icon.

Screenshot

Step 2: Add Authorization Agent Details

In the Add Authorization Agent window, provide the following details:

  • Client ID: The Application (Client) ID from your Microsoft Entra ID app registration.

  • Client Secret: The secret value generated in your Microsoft Entra ID app.

  • Authorization URL: Your Microsoft Entra ID authorization endpoint.

  • Redirect URI: Your portal's callback URL. Ensure it:

    • Uses HTTPS
    • Ends with /ms (e.g., https://yourportal.com/ms)
    • Exactly matches a redirect URI registered in your Microsoft Entra ID app

Screenshot

Step 3: Verify User Accounts

  • Open User Management.
  • Confirm that each user account exists.
  • Ensure each user's email address exactly matches the Microsoft account they will use to sign in.

Screenshot

Note

User deletion is a soft delete. The deleted user record remains in the system database but is no longer visible in the User Management interface. This is implemented for security and audit purposes.

Before creating or deleting users, ensure that user details and role assignments are accurate. Incorrect configurations may cause conflicts during future user recreations, as soft-deleted accounts retain their associated email addresses.

To permanently delete a user record, contact Tursio Support for instructions.

Once the Authorization Agent configuration is saved successfully

  • The "Login with Microsoft" button appears on the portal login screen.
  • Users can now sign in using their Microsoft account.

Screenshot

Databases

Tursio allows users to connect, manage, and maintain multiple databases for natural language querying. You can onboard new databases, edit connection details, refresh metadata, or remove databases as needed. Tursio currently supports 12 database backends: SQL Server, Azure SQL, Fabric Warehouse, Synapse Warehouse, PostgreSQL, MySQL, Teradata, BigQuery, Snowflake, Databricks, Cassandra, and Excel.

The following screenshot shows the database connection panel. Once connected, you can query all supported databases from a single place, regardless of the underlying dialect. Users can add multiple connections with different roles to the same database and control access of different connections for different users.

Screenshot

Add Database

To add a new database, click Add Database in the Database section and fill in the following details.

Basic Information

  • Name — A display name for your database connection.
  • Dialect — The database type from the dropdown list (e.g., Snowflake, Databricks, SQL Server, Azure SQL, Fabric Warehouse, Microsoft Excel, Cassandra, etc.).

Credentials & Connection Details

  • The fields vary depending on the selected dialect. Common examples include:
    • Snowflake / SQL Connections: Hostname, Username, Password.
    • SQL Server / Azure SQL: Client ID, Client Secret, Hostname.
    • Warehouse-based dialects: Warehouse name (if applicable).
    • General: Database name (used for training and querying).
  • Whitelist IPs — Optionally whitelist the platform IPs on your database firewall for secure connectivity.
  • Additional Parameters — Optional connection parameters in comma-separated key-value format.
    • Example: authentication=serviceprincipal, trustservercertificate=yes

Validation & Save

  • After entering all required fields, click Validate.
    • If credentials are correct, a success message appears.
    • If incorrect, an error message guides you to correct the details.
  • Once validated, click Accept to save and connect the database.

Edit Database

You can edit an existing database if:

  • The name needs to be updated.
  • Credentials (e.g., password, client secret) have changed.
  • Additional parameters or connection properties need to be modified.

Note

To edit a database, go to the database entry, click Edit, update the fields, and re-validate the connection before saving.

Delete Database

If a database connection is no longer needed, it can be safely deleted:

  • Select the database from the list.
  • Click Delete and confirm the action.
  • Once deleted, queries will no longer run against this database.

Refresh Metadata

If new tables, columns, or schema changes have been made in the database, you can refresh the metadata to keep the system up to date.

  • Go to the connected database entry.
  • Click Refresh to sync the latest structure.
  • This ensures that natural language queries recognize newly added objects.

Tip

Always validate credentials before saving to ensure smooth connectivity.

Security Note

Passwords and secrets are encrypted and stored securely.

Azure OpenAI

Create Resource

  • Go to the Azure AI Studio portal and start creating a new Azure OpenAI resource.

    A screenshot showing the Azure AI Studio landing page with a 'Create Azure OpenAI' button highlighted.

  • Enter your Subscription, Resource Group, Region, Resource Name, and Pricing Tier.

    A screenshot of the 'Create Azure OpenAI' form with fields for Subscription, Resource Group, Region, Name, and Pricing Tier.

  • Click Next and review firewall or network settings if needed.

    A screenshot showing the Networking tab of the creation wizard, with options for network access.

  • Follow the wizard to the Review + submit screen and click Create.

    A screenshot of the 'Review + create' tab showing a summary of the configuration before creation.

Validate Resource

  • After creation, your resource appears under the resource list and on its Overview page.

    A screenshot of the Azure OpenAI resource Overview page, showing its status, location, and other details.

  • Verify that the status is Active and the resource appears in your desired subscription and resource group.

Deploy Model

  • From the Overview page, click Go to Azure AI Studio (shown in the image above).

  • Inside Azure AI Studio, locate your OpenAI resource under "All Resources".

    A screenshot of the Azure AI Studio portal showing a list of available AI resources.

  • Navigate to the Deployments section.

  • Deploy a model by selecting the model type (e.g., gpt-4), assigning a deployment name like gpt-4-deployment, and waiting for the deployment status to show Succeeded.

Gather Info

  • Your deployment details, including the endpoint and API key, can be viewed here.

    A screenshot showing the model deployment details page with Endpoint, Keys, and other information.

  • From the deployment details page, collect the Endpoint, Deployment Name, and an API Key.

  • Ensure your network/firewall allows access, as configured during resource creation.

Test Model

Run the following cURL command in your terminal. Replace the placeholders <your_endpoint>, <your_deployment_name>, and <your_api_key> with the values you collected.

Test Command & Response 
curl -X POST \
  "https://<your_endpoint>/openai/deployments/<your_deployment_name>/chat/completions?api-version=2023-05-15" \
  -H "Content-Type: application/json" \
  -H "api-key: <your_api_key>" \
  -d '{
    "messages":[
      {"role": "system", "content": "You are a helpful assistant."},
      {"role": "user", "content": "Hello, Azure OpenAI!"}
    ],
    "max_tokens": 50
  }'

A successful response looks like:

{
  "choices": [
    {
      "finish_reason": "stop",
      "index": 0,
      "logprobs": null,
      "message": {
        "annotations": [],
        "content": "Hello! How can I assist you today with Azure OpenAI or anything else?",
        "refusal": null,
        "role": "assistant"
      }
    }
  ],
  "created": 1758872481,
  "id": "chatcmpl-CJxMvn6onHKYcpXJgPsFVmszUKiJN",
  "model": "gpt-4.1-2025-04-14",
  "object": "chat.completion",
  "system_fingerprint": "fp_9ab7d013ff",
  "usage": {
    "completion_tokens": 17,
    "completion_tokens_details": {
      "accepted_prediction_tokens": 0,
      "audio_tokens": 0,
      "reasoning_tokens": 0,
      "rejected_prediction_tokens": 0
    },
    "prompt_tokens": 23,
    "prompt_tokens_details": {
      "audio_tokens": 0,
      "cached_tokens": 0
    },
    "total_tokens": 40
  }
}