sql server – How to ensure an app builder doesn’t have acccess to database?

So, we have made a web application login protocol via which users can query a database on Azure SQL Server with sensitive data. Now partner-organizations want to use the same app to query their own databases on their own Azure SQL Server.

Is there a way where we can ensure that as admin + host of the web application we don’t have access to their sensitive data, while we are able to send user from the correct Identity Provider through.

Until so far I found the OAuth 2.0 Token Introspection, specifically this implementation: wiki.surfnet.nl/pages/viewpage.action?pageId=23794471. Is there a way to implement this within Azure around the Azure SQL Server (if needed via a very simple API)?