Single Sign-On works by issuing?

Single Sign-On (SSO) is a user authentication process that enables a user to access multiple applications with one set of login credentials. The primary mechanism behind SSO often involves the issuance of tokens.

Tokens are small pieces of data that temporarily validate the user’s identity and permissions. When a user successfully logs into one service, the SSO system generates a token that contains information such as the user's identity and session details. This token is then used to authenticate the user to other applications without needing to log in again. The beauty of tokens is that they can carry expiration times, scopes, and claims, enhancing both security and usability.

Using tickets, while related, is typically more specific to certain protocols and may not be as broadly applicable across all SSO implementations. Tokens, on the other hand, are fundamental to a wider range of authentication processes and systems, making them the correct choice in the context of Single Sign-On.