Single sign on for controllers in Airwave has nothing directly to do with radius roles, but everything to do with Airwave internal roles. In each management role in Airwave, you determine whether or not they will have single sign on privileges to the controller or not. If yes, you select what role (privileges) in the controller would correspond to roles in Airwave.
This only comes into play on the "Open Controller WebUI" dropdown when viewing the monitoring page of a controller in Airwave. If Single Sign on is configured for the Airwave user's role, Airwave will login to the controller and execute the allow-sso command which will generate a temporary URL that airwave can use to redirect the Airwave user to the Controller's GUI without logging in with the correct privileges. That would allow a user who has already logged into Airwave, NOT to have to login to the controller before going to a page.
Of course, since the command is missing in 6.2, there is no way to take advantage of this until it is fixed. :(