Workfront

We also found this:

To set up users in Adobe Workfront so they can only see specific projects, follow these steps:

1. Create Custom Access Levels:
• Go to the Setup area by clicking the Main Menu icon.
• Navigate to Access Levels and either create a new access level or modify an existing one.
• Click the gear icon next to Projects and fine-tune the settings to restrict access as needed[1].
2. Set Project Sharing Rules:
• For each project you want to share, go to the project’s settings.
• Click on Sharing and add the users or groups you want to have access.
• Specify the level of access (e.g., View, Contribute, Manage) for each user or group[2].
3. Use Portfolios and Programs:
• Organize projects into portfolios or programs.
• Share the portfolio or program with the specific users, ensuring they only see the projects within those portfolios or programs[2].
4. Remove Inherited Permissions:
• Check for any inherited permissions that might be giving users broader access than intended.
• Adjust these settings at the project or portfolio level to ensure only the desired users have access[2].
5. Test User Access:
• Log in as the user or use an admin view to verify that the user can only see the intended projects.
• Make any necessary adjustments based on what you observe[1].

Yup. 

I suggest a group because then you can add/remove users from that group without having to remember the person(s) that should get the access. 

AccessLevels is a good call to dial in what exactly the person should be able to do - once the can access an object.

Finally, you may want to use a layout template to hide certain menus etc. 

I need this external company to have visibility on only specific internal projects. Is there a way to lock down a company to only specific "granted" projects?

Only by way of sharing those specific projects with that company.

Thanks Sven-iX. That sounds obvious, and exactly what i want to do. Where in the UI do i share a project, and how do i select the company name?

On the project page: 

Thanks for all the helpful advise. I'm almost there. The unwanted portfolios and programs are no longer showing up for my test account. So that's good. However, when I go to the projects section I have visibility to 3944 projects (that i shouldn't see). I'm not sure why these are showing up. I checked a handful and they should only be visible to those who were invited. Logged in as a test user, I'm able to open these projects and browse timelines, documents, etc.

Maybe there's some sort of inherited permission that's making them populate? Or maybe I need to create a custom access level for these users?

Thanks for the excellent support. I had granted that user access to a group i shouldn't have granted them access to.