Hello @Chris Meisner
Thank you for reaching out. I would like to inform you that you can use RegExReplace transformation type in claim transformation rule to transform UPN from ******@contoso.com to ******@contoso.com as listed in below screenshot.
You can modify the pattern as per you requirement and test he claim transformation on Azure Portal itself before saving the rule.
For more information you can review following details: Customize claims issued in the SAML token for enterprise applications.
I hope this answer helps to resolve your issue.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.