Simon Gellis

Our organization found another workaround for passing in the email address: before authenticating to messaging, we generate the token used for SSO authentication, and have the browser make a call to the Zendesk JWT SSO endpoint https://support.zendesk.com/hc/en-us/articles/4408845838874-Enabling-JWT-single-sign-on#topic_w5x_1fh_3fb (in no-cors mode, ignoring the response). We also set the same externalId for each user on both SSO JWTs and messaging JWTs.

The end result is that anyone signing into messaging has their account linked to the one used by SSO, and the email shows up as you'd expect.