Single Sign-On (SSO) is an authentication method that enables users to securely authenticate with multiple applications and websites by using just one set of credentials. SSO works based on relationships (two-factor authentication) set up between an application and an authenticator, like LastPass or Google Authenticator. This trust relationship is often based upon a certificate that is exchanged between the authenticator and the service provider. This certificate can be used to sign identity information that is being sent from the authenticator to the service provider so that the service provider knows it is coming from a trusted source. In SSO, this identity data takes the form of tokens which contain identifying bits of information about the user like a user’s email address or a username.
Additional Reading: How Single Sign-On Works