Not sure what you mean, when you say “token”. If it’s what everybody calls token which is probably access token from oauth server, then it can care less about the domain you are coming from (except CORS of course, but it’s not oauth related stuff). As long as you succeeded to authenticate yourself to the server (through application sign in), on premise that you are granted access to the resource (scope requested), you will be given access token (JWT). Then you are free to use this token to any server, which validates your token against the same oauth server.
Besides this definition of “token”, I can’t think of any other (cookies, assertions…). There are ways to build SSO without tokens, but it really depends on what a target application supports from sign-on perspective. If those products are integrated with Okta, then there is a chance to use SAML/OIDC protocols for SSO into the apps, as long as you have Okta session active and all of those apps are integrated with the same Okta tenant.