Hi @Will
If you want to access this web app in SP. This may be difficult to achieve (you need some custom development). As far as I know, what we can confirm is that the SP account (from tenant B) can log in to the web app hosted in tenant A.
If you want to use SP account (from tenant B) to access web app hosted in tenant A. When deploying the web app, you should configure issuer (configured as tenant B), so that you can log in as tenant B users during AD authentication.
By default, App Service authentication allows unauthenticated access to your app. To enforce user authentication, set Action to take when request is not authenticated to Log in with Azure Active Directory.
You can refer to the following article for more information:
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.