Connecting to Great Plains requires exposing a port publicly. There are few options to add additional layers of security:
1. Build a host that does the custom authentication and if valid, it forwards the request to the Great Plains instance.
2. Use a jump server like ngrok/kong to do the validation part and then forward the request to the Great Plains instance.
The calls from Cloud Elements to Great Plains are backend calls, we recommend to only open the ports related to Great Plains on the windows server. Alternatively, the route53 service on AWS is a great example of a managed service.