direct access to https://stratus.zendesk.com/access/jwt?jwt=<token> without passing through configured login url

I would like to enable SSO in Zendesk such that the users already authenticated in my application can access the Zendesk helpdesk without a login step. The users are  authenticated by different IDPs and there is an ever growing number of them (we use a multi tenant approach with one keycloak realm per tenant).

My understanding from the docs is that I have to do a custom implementation for the Zendes JWT SSO mechanism in my system since it does not follow any standard.

Since the users in my application are already authenticated in my application there is no need to redo the authentication step . Hence I  construct the Zendesk JWT token and send it directly to https://myapp.zendesk.com/access/jwt?jwt=<token>&return_to=https://myapp.zendesk.com/hc without accessing the  https://myapp.zendesk.com/hc first and relying on the redirect by zendesk to the configured login url. Zendesk reads the token just fine and authenticates the user and redirects to the helpcenter at https://myapp.zendesk.com/hc. However this call then returns a 404 Page not found. Even though the help center exists. There is most probabely somthing in a cookie by Zendesk that triggers this strange error message. Since I can only access the help center again, if I delete all cookies.
Is there something I can do to make this work? Or is the redirect call mandatory, if so why?