Thanks for the info Dan.

Zendesk also support JWT/oAuth SSO. I guess I'll give that a try - though it seems unlikely to give a different result.

If that fails, we will rely on session timeout and disable the logout button.