It’s still not 100% clear to me. For the client applications that use Auth0 for authentication, regardless of the authentication method used (username/password with a Auth0 database, federated social login such as Google or Facebook, etc.), Auth0 is the central authorization server where the SSO cookie is being set.
So as long as a user has a valid Auth0 session, SSO would work by default due the architecture design of the client applications in conjunction with Auth0.
This blog post explains the SSO mechanism a bit more, maybe it helps:
Or maybe you can clarify what you understand under the term “SSO”, maybe there’s a misunderstanding there.