Our school currently has Parent Observers setup with logins and passwords which we assign to them. They then login manually using the page at 'https://<SCHOOL_NAME>.instructure.com/login/canvas'. However we've been considering providing parents with single sign-on using Guest accounts in our Microsoft Tenant. 

I've explored this a bit, and managed to get a test account up and running using my home email address. I can access Canvas using the link in the email invitation I was sent when I created the Guest account. 

Connect-MgGraph -AccessToken $mgGraphToken.AccessToken

New-MgInvitation `
    -InvitedUserDisplayName "John Doe" `
    -InvitedUserEmailAddress John@contoso.com `
    -InviteRedirectUrl "https://myapplications.microsoft.com" `
    -SendInvitationMessage:$true

It seems to work fairly well so far, but I'm in uncharted territory here...

Does anybody have any experience with this kind of setup? Any links to articles, advice, or just discussion would be greatly appreciated. 

Thanks all for your time.