You are correct. What the customer will see is the Security group name(s) on the managing service provider's tenant. They cannot see the names of the members of that security group and there is no way to share these details with inviting the customer in to the service provider's tenant as a guest user and giving them permissions to see the group members - such as a directory reader role.
I would not recommend this however as customers should not have access to a service provider's tenant. So I agree that a level of trust is required, the customer can see the level of access granted to their Azure resources but they are not entitled to see the names of the individual users with this access.