What would be the best practice solution to handle automatic user provisioning and role assingment (e.g. SharePoint sites) between two Office 365 tenants? Ultimate goal is that we could invite AD groups from our clients Azure AD to our own Azure AD.

you cannot invite external groups from another Azure AD, you can delegate invitations rights to the external company, and then have dynamic groups that capture them based domain.