Sync users from one Azure AD instance to another
I was hoping there would be a way to 'link' the two ADs and set up grants like "all users from tenant X are members of group Y" in order to be able to use those groups for the access solution mentioned.
Well, it's not exactly a button that says "invite all users from this tenant", but you have an option there called "Azure AD B2B Bulk Invite", which will save you the trouble of inviting users one by one by collecting all the data you need in an Excel file. You could generate this Excel file easily from the tenant you want to invite users from: https://docs.microsoft.com/en-us/azure/active-directory/external-identities/tutorial-bulk-invite
Once the invitation is sent, you could manage how the redemption is done; you really don't need users to accept that email once the invitation is sent. All the newly invited guest users have to do is sign in to a common endpoint, or to an app that exists in your tenant: https://docs.microsoft.com/en-us/azure/active-directory/external-identities/redemption-experience
If you are developing your own SAML apps or just adding apps from the AAD gallery, and you want users from other tenants to sign in to those apps, you could create a user flow to collect the user claims during the app sign-in and create a guest account for them too: https://docs.microsoft.com/en-us/azure/active-directory/external-identities/self-service-sign-up-user-flow
If you believe that the above option is going to cause trouble and people will just start randomly appearing in your tenant, then you can configure B2B options to limit what guest accounts can do in your tenant: https://docs.microsoft.com/en-us/azure/active-directory/external-identities/delegate-invitations#configure-b2b-external-collaboration-settings
If you want to delegate all of the hassle of managing B2B guest accounts in your tenant to someone, there's an AAD role for that called "Guest inviter": https://docs.microsoft.com/en-us/azure/active-directory/external-identities/delegate-invitations#assign-the-guest-inviter-role-to-a-user
Adding guest users to your tenant doesn't do anything unless they are given access to apps. Your tenant users can invite those guest accounts to access apps in the same tenant, and you could delegate app access management to app "owners", who can review and approve app access requests from guest accounts too: https://docs.microsoft.com/en-us/azure/active-directory/external-identities/add-users-information-worker#invite-someone-to-join-a-group-that-has-access-to-the-app
My apologies for the wall of text :)
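As an added example (not part of the answer above), here is a small Python script that turns a user export from the source tenant into the bulk-invite CSV the answer describes, dropping disabled accounts, duplicates and domains the target tenant's external-collaboration allow-list would reject, and showing the equivalent Microsoft Graph `POST /invitations` body. The export column names, the allow-list and the bulk-invite header layout are assumptions; compare the header with the template downloaded from the portal before uploading.

```python
import csv
import io

# Constructed sample: a user export from the source tenant (column names are
# assumed to mirror the portal's "Download users" CSV; not from the post).
SOURCE_EXPORT = """userPrincipalName,displayName,accountEnabled
alice@contoso.example,Alice Adams,True
bob@contoso.example,Bob Brown,False
alice@contoso.example,Alice Adams,True
mallory@other.example,Mallory,True
"""

# Domains allowed by the target tenant's B2B collaboration settings (assumed).
ALLOWED_DOMAINS = {"contoso.example"}

# Assumed bulk-invite template header; verify against the portal's template.
BULK_INVITE_HEADER = [
    "Email address to invite [inviteeEmail] Required",
    "Redirection url [inviteRedirectURL] Required",
    "Send invitation message (true/false) [sendEmail]",
    "Customized invitation message [customizedMessageBody]",
]

def select_invitees(export_csv, allowed_domains):
    """Return sorted, de-duplicated UPNs of enabled users in allowed domains."""
    seen = set()
    for row in csv.DictReader(io.StringIO(export_csv)):
        upn = row["userPrincipalName"].strip().lower()
        if row["accountEnabled"].strip().lower() != "true":
            continue  # never invite an account already disabled at the source
        if upn.rsplit("@", 1)[-1] not in allowed_domains:
            continue  # the target's domain allow-list would block it anyway
        seen.add(upn)
    return sorted(seen)

def build_bulk_invite_csv(invitees, redirect_url, send_email=False):
    """Emit the bulk-invite CSV: version row, header row, one row per guest."""
    buf = io.StringIO()
    w = csv.writer(buf, lineterminator="\n")
    w.writerow(["version:v1.0"])
    w.writerow(BULK_INVITE_HEADER)
    for email in invitees:
        w.writerow([email, redirect_url, str(send_email).lower(), ""])
    return buf.getvalue()

def graph_invitation_payload(email, redirect_url, send_email=False):
    """Equivalent request body for Microsoft Graph POST /invitations."""
    return {"invitedUserEmailAddress": email,
            "inviteRedirectUrl": redirect_url,
            "sendInvitationMessage": send_email}
```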