Hello All,
In the end, I used the method of inviting a guest, creating a new account, and then inviting it to another Tenant. I controlled the account's properties using the system-assigned managed identity for an Azure Automation account. When it was necessary to update the Secret for the Microsoft Entra application, I would enable that account, and during regular times, I would keep it disabled.
After all, automation cannot log in with accounts that have MFA enabled, so I used this approach to prevent any security issues from arising.