@AlexAlexon-4788, The app registration is just an entry in AAD, to say that I have an actual application running somewhere, and for that actual application I am creating this registration and whenever my actual application sends a request with this app id (generated by the app registration), please treat it as a trusted application. In other words just like a user has username and password in AAD to authenticate itself, same way the app would also have an app id and app secret (created through app registration) to authenticate itself when it reaches to AAD for token.
Now coming to the second part where you mentioned that you want to access storage accounts of other tenants (lets say tenant B) from an app that is registered in tenant A. If we compare this scenario by replacing the app with an user, the steps would be like:
Add the user of tenant A to either at the subscription level or at the resource group level or directly at the resource level RBAC of tenant B to provide access to the storage.
In the same way, the application of tenant A would also have to be added first to tenant B somehow so that the application can interact with the resources in tenant B. For this very reason, I request you to convert your app-registration to a multi-tenant app. Once you convert you app-registration in Tenant A to multi-tenant app, the service principal of you app can be registered in Tenant B, by simply accessing that app and logging into it with a user of tenant B. Once the user of tenant B accesses that application the service principal would get registered in tenant B for your actual application. Then you can use that service principal to be added at the subscription level or at the resource group level or directly at the resource level RBAC of tenant B to provide access to the storage.
This would be the only way to extend your application to other tenants. You can read more about multi-tenant application architecture and how the sign-ins happens for these apps and how are these different from normal apps here:
- https://video2.skills-academy.com/en-us/azure/architecture/multitenant-identity/
- https://video2.skills-academy.com/en-us/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant
Hope this helps.
Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer; if the above response helped in answering your query.