Single sign-on (SSO) is a technique, that allows users to authenticate to a third-party service (Kayako) with another service (the SSO service). This means, that a user can authenticate to the SSO service using, e.g., username and password. Then, this service can generate a special token and use it to automatically authenticate the user to a third-party service. In this way, the user shares username and password only with one of the services and other ones authenticate the user using the trusted token, that was generated by this service.
Using single sign-on you can have users of your primary web portal automatically authenticated in your Kayako helpdesk. This way, you can also embed components of your Kayako system, e.g., chat, into your primary web application.
To implement SSO Kayako uses JSON Web Token (JWT). It's an open standard, that describes a way of transmitting information between parties in a compact and secure JSON-based format. To make sure, that the sender can be trusted, JWT uses a digital signature. As the JWT token is small, it can be specified as a URL argument or in an HTTP header.
For details about JWT check RFC 7519.