Single sign on with OpenID
Written by Division by Zero   
Thursday, 29 April 2010 09:00
"Single sign-on (SSO) is a method of access control that enables a user to authenticate once and gain access to the resources of multiple software systems."
[Wikipedia]

There are many ways to add single sign on to your web application. In this case I'm talking about single sign on across different domains. The beauty of doing single sign on authentication outside of your application is that you are not responsible for the authentication data. Your user doesn't have to trust you with this data anymore, but is able to rely on another source. If you are implementing single sign on, you'll have to know the requirements of your application. There are two ways single sign on can work: user centric or company centric.

User centric

The first way puts the user and her/his wishes at the center. The user gets to choose whom she/he trusts to perform authentication and what data this third party should give you. There are a lot of providers for this, like Google, Facebook or LinkedIn. With most of these providers you need to know the provider's own interface, which is inconvenient.

It is also possible to use OpenID. OpenID is a standardized protocol that gives a web application the opportunity to accept any authentication provider that implements this protocol (and you just need to know one interface). The user is able to choose between providers and how strong the authentication must be. For example, myopenid.com provides authentication based on user name and password, but also by phone, which makes authentication a lot stronger. Your site doesn't need to know any of these providers, only the protocol being used. The user is free to choose the third party she/he trusts, which should make her/him a happier user (I hope).
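Knowing "only the protocol" still leaves the site responsible for checking what the provider sends back. The following is an added example, not code from the original post or from any OpenID library: a Python sketch of the checks a relying party applies to an OpenID 2.0 positive assertion. It assumes discovery and an HMAC-SHA256 association have already been done; the function names, the example.* hosts and the sample values are constructed for illustration.

```python
import base64, hashlib, hmac
from datetime import datetime, timedelta, timezone

OPENID_NS = "http://specs.openid.net/auth/2.0"
MUST_SIGN = set("op_endpoint return_to response_nonce assoc_handle claimed_id identity".split())

def sign(fields, params, mac_key):
    """Base64 HMAC-SHA256 over the key-value form ("key:value\\n") of the signed fields."""
    text = "".join(f"{k}:{params['openid.' + k]}\n" for k in fields)
    return base64.b64encode(hmac.new(mac_key, text.encode(), hashlib.sha256).digest()).decode()

def verify_assertion(params, return_to, op_endpoint, mac_key, seen_nonces, now,
                     max_skew=timedelta(minutes=5)):
    """Return the claimed identifier of a valid assertion; raise ValueError otherwise."""
    if params.get("openid.ns") != OPENID_NS or params.get("openid.mode") != "id_res":
        raise ValueError("not a positive OpenID 2.0 assertion")
    # Simplification: exact match (the spec allows extra query parameters on return_to).
    if params.get("openid.return_to") != return_to:
        raise ValueError("return_to does not match this relying party")
    if params.get("openid.op_endpoint") != op_endpoint:
        raise ValueError("assertion names an unexpected provider endpoint")
    fields = params.get("openid.signed", "").split(",")
    if not MUST_SIGN <= set(fields) or any("openid." + k not in params for k in fields):
        raise ValueError("signature does not cover the required fields")
    nonce = params["openid.response_nonce"]
    try:  # nonce = UTC timestamp followed by provider-chosen characters
        issued = datetime.strptime(nonce[:20], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except ValueError:
        raise ValueError("malformed response_nonce") from None
    if abs(now - issued) > max_skew or (op_endpoint, nonce) in seen_nonces:
        raise ValueError("stale or replayed response_nonce")
    expected = sign(fields, params, mac_key).encode()
    if not hmac.compare_digest(expected, params.get("openid.sig", "").encode()):
        raise ValueError("signature check failed")
    seen_nonces.add((op_endpoint, nonce))
    return params["openid.claimed_id"]

def sample_assertion(mac_key):
    """Constructed sample: what a provider would append to return_to (example.* hosts)."""
    p = {"openid.ns": OPENID_NS, "openid.mode": "id_res",
         "openid.op_endpoint": "https://op.example.net/server",
         "openid.claimed_id": "https://alice.example.net/",
         "openid.identity": "https://alice.example.net/",
         "openid.return_to": "https://rp.example.org/openid/return",
         "openid.response_nonce": "2010-04-29T09:00:00ZqX3a", "openid.assoc_handle": "handle-1",
         "openid.signed": "op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle"}
    p["openid.sig"] = sign(p["openid.signed"].split(","), p, mac_key)
    return p
```

The nonce store and the clock-skew window are what stop a captured assertion from being replayed, and the signed-field check is what stops a response from carrying an unsigned, attacker-supplied identifier.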

Company centric

Using something like OpenID is beautiful, but if your goal is to protect company data, it isn't enough to rely on a third party to do authentication. Still, it is a good idea not to be responsible for the authentication data. Companies need more data attached to a user name, like an employee number and a location. Besides that, a company really needs to be able to trust the authentication mechanism, so a company needs to be able to control this authentication mechanism. Technologies like Active Directory are very well suited for this purpose, and most frameworks offer standard solutions for using them.

Conclusion

If you want to use single sign on, you need to be aware of which data you are protecting. If your application is out on the web and the data you're protecting is all about the user, OpenID is a good way to externalize the authentication. For a lot of frameworks there are solutions for using OpenID; for example, for the .NET Framework there is DotNetOpenAuth, an open source project that provides OpenID authentication.

 

© 2009 - 2012, Division by Zero

This work by Division by Zero is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Netherlands License.