Private public 5G Network interworking

How does a 5G Private Network Service provider (not CSP) manage the following usecase assuming that the enterprise has its own spectrum:

Devices connect to private network always while in indoor. A subset of these devices shall be used outdoor as well.
Once the user moves out of indoor coverage area, the 5G service should be provided by the CSP (assume some agreement is in place with the CSP to provide such service).

Looking for options on what deployment model is best to achieve the above objective:
Should we provision the subscriber on the UDM in private network as well as public network?
Who manages the SIM card and auth key? If it is managed by CSP, auth key will not be available to the 5G Private Service Provider

I don’t see any option apart from having the core sliced from the service provider and hence the subscription centrally managed by the CSP’s UDM. Please let me know if there are any other options available for the above deployment model.