We'd need more information. SSO is usually provided via a plugin module to whatever security framework you are using. For example, the "CAS" SSO system has a Tomcat Realm plugin.
SSO is not generally coded into apps, since there are many reasons why it's preferable that security be an external matter - not least of which is that most developer-designed security systems are anything BUT secure. Instead, the security is applied externally. The Tomcat security Realm, for example, is an implementation of the Container-Managed Security component of J2EE and JEE.
When it comes to destroying a civilization, gas chambers cannot hold a candle to echo chambers.