Generally a translation service is deployed for such a scenario.
Like you can implement a VRF Aware NAT gateway between the Shared Service and the Customers. Place this gateway close to the source, i.e. the Hosted or Shared Service location.
And then you can try natting the user IP address to an IANA reserved public range, as these IPs won't be used by your customer ever. And you can have a clear NAT.
Also you need to implement all your routing control via imports and exports on the NAT GW.
Points to be careful about are:
a) scalability of the hardware being used for natting.
b) routing control between shared service and customer only via the NAT GW.
c) Using totally unique IP translation for the RFC 1918 range of IPs.
HTH-Cheers,
Swaroop
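
An added example, not part of the original post: a pre-deployment check for point (c) that verifies each customer VRF's translated pool is unique, sits outside RFC 1918 space, and collides with no prefix any customer routes. The VRF names, customer routes and the 198.18.0.0/15 pools are constructed sample values standing in for whatever reserved range is actually chosen.

```python
import ipaddress
from itertools import combinations

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_nat_plan(pools, customer_routes):
    """pools: {vrf: translated pool CIDR}; customer_routes: {vrf: [CIDRs in use]}.
    Returns a list of problems; an empty list means the plan is clean."""
    problems = []
    nets = {vrf: ipaddress.ip_network(cidr) for vrf, cidr in pools.items()}
    # 1. A translated pool must not fall back into RFC 1918 space.
    for vrf, net in nets.items():
        for private in RFC1918:
            if net.overlaps(private):
                problems.append(f"{vrf}: pool {net} overlaps RFC 1918 {private}")
    # 2. Pools must be unique per customer VRF, or return traffic is ambiguous
    #    and one tenant's flows can be routed toward another.
    for (a, na), (b, nb) in combinations(sorted(nets.items()), 2):
        if na.overlaps(nb):
            problems.append(f"{a}/{b}: pools {na} and {nb} overlap")
    # 3. No pool may collide with a prefix that any customer actually routes.
    for vrf, net in nets.items():
        for owner, routes in customer_routes.items():
            for route in map(ipaddress.ip_network, routes):
                if net.overlaps(route):
                    problems.append(f"{vrf}: pool {net} overlaps {owner} route {route}")
    return problems

# Constructed sample plan (hypothetical VRF names and prefixes).
SAMPLE_POOLS = {
    "CUST-A": "198.18.0.0/24",
    "CUST-B": "198.18.1.0/24",
    "CUST-C": "198.18.1.128/25",   # overlaps CUST-B's pool
    "CUST-D": "10.200.0.0/24",     # still RFC 1918, clashes with customer space
}
SAMPLE_ROUTES = {
    "CUST-A": ["10.0.0.0/8"],
    "CUST-B": ["10.0.0.0/8", "192.168.10.0/24"],
    "CUST-C": ["172.16.0.0/16"],
    "CUST-D": ["192.168.0.0/16"],
}

if __name__ == "__main__":
    for line in check_nat_plan(SAMPLE_POOLS, SAMPLE_ROUTES):
        print(line)
```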