Axiom as public facing self-service customer-specific portal

We have a v24 canary historian that collects flow rates from meters. The flow is coming into our pipeline system. The product comes from various customers (approximately 90 different customers). A customer can have 1 or more meters. We'd like to create a public facing portal using Axiom where people can log in and see the flow rates for all of their meters and no other customer meters. Here's my plan, please let me know if you see issues of any kind.

1. Create a View where the first level is customer and the 2nd level is meter. The meter asset has the flow rate tag.
2. Connect Canary to Entra ID using OpenID
3. Create an Entra group for each customer that wants to see their meters
4. In Identity, remove default access at the top, and map each Entra group to the appropriate customer asset.
5. Create an Axiom application that leverages an Asset Template control to show the flow for all meter assets.

I'm hoping, we can give users access to this one Axiom application and it magically shows them just the meters they have access to.

Questions:

1. With the approach above, I think external users would have access to see the Public Folder Axiom displays, even if they couldn't see the data in them. Is it possible to set up a 2nd instance of Axiom on a 2nd server? So that we have an internal facing one and a public facing one?
2. There's no way in Canary Identity to say "if a user has an email with domain x, they go to group x" is there? I'm assuming that would have to be done in Entra?