two-step verification is a piece in the flow of authentication, proving the person asking is who they say they are

sso is where you as the user get a secret manually or automatically, your applications/network/systems are configured to challenge that secret, the challenge succeeds and you get authroized (separately is the hydration of your permissions from the access controls which are tied with who you are) Many applications set to run in environments where SSO could be expected already have ready to go functionality settings and configurations for communicating with SSO. ...Sometimes you have to borrow or make your own way to subvert the default logins.