Well, there's alot of questions there but I can answer a small part:
>>> For SSO, if one user access multiple application, user might end up in wrong application and has to manually switch applications
Pega's internal and external authentication features, starting with the operator ruleform that refers to a default access group, will allow you to specify which application that user will see when they first log in. They'll only need to manually switch if their operator form has multiple access groups and the one specified as their default one is not the one they need to use.
Thanks for submitting the question. Pega's architecture is very different from that of a usual enterprise application and thus it may appear restrictive in some ways but these very differences provide Pega its unique capabilities.
Development, testing, migration and monitoring in Pega will have its differences and you'll have to leverage Pega's best practices and features to perform those jobs.
In fact, this architecture provides huge advantages and makes collaborative Pega development, migration and management easy. Use of Pega technology by large corporations to build and host their enterprise applications is a testament to that.
1. For SSO, if one user access multiple application, user might end up in wrong application and has to manually switch applications.
>>> As Eric pointed out, the user will be presented with the application that corresponds to the default access group for a normal login.
SSO can be set up such that different applications have unique URLs and a logged in user can be presented with a different application interfaces.
2. Overhead in separating assignments, queue items, attachment links among shared tables.
>>> Pega does the job of separating these items for you. OTB wizards that package Work will take care of putting together appropriate assignments, attachments etc. when migrating work.