- "Is it possible to cross tenant access WITHOUT using the customer credentials (even without shared access keys) ? Yes, this is possible : https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-customize-ui
Note: User should have access to the Guest account.
If user and you are in different tenant you need to invite as a Guest and add permission to storage account.
- Once you are invited in to the account(Guest) you don't need Shared Signature permission.
- You can provide access different level of access using IAM in Azure portal without storage account key. Additional information: Refer to this MSDN thread which provides detailed information, How RBAC works with AAD and more.
Hope this helps!
Kindly let us know if the above helps or you need further assistance on this issue.
Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.