We'll need to research how we can make SSO work when switching between ACM and OCP consoles. The ACM team has mentioned that they might have a solution that works with some IDPs. We need to determine if it's specific to their extension mechanism where the app is behind a single Ingress.

A poor man's SSO solution might be possible where console POSTs the user's token to ACM when redirecting to the other console. This is somewhat tricky since the frontend doesn't have direct access to the user's token, which is stored in an HTTP-only cookie. We did have a similar way of sharing login with Kibana in 3.x.

Additionally, we'll need a way to make SSO work when ACM redirects back to the OCP console.

This story is an R&D only story to determine how to make this work.

Acceptance Criteria

• A determination with the ACM team whether this is feasible in 4.8
• Agreement with the ACM team on the approach
• Stories elaborated for additional work under the ACM epic