Combining createTickets API call with SSO Authentication for Zoom Events

For Zoom Events, we are trying to combine a) pre-registration via our third-party registration platform and b) have attendees authenticate SSO during the event and c) limit access to sessions based on ticket type.

The method Zoom Events API allows for associating an attendee email address with the Ticket, and then our IdP will pass email during SSO authentication.

We have been hearing that this won’t work, at least in the sense that the attendee authenticated via SSO won’t be associated with the session permissions for the ticket type.
How can this be? If Zoom Events uses email as the attendee identifier (?), why wouldn’t the SSO authenticated attendee be associated with the pre-registered Ticket when the email matches?

And if this truly isn’t working - this means it’s not possible to use a third-party registration system and SSO for an event with any meaningful attendee segmentation, a rather significant limitation.

Does anyone have any insights and/or have tried something similar?