I’m not sure if it meets your requirements, but it can be done with DiscourseConnect. Basically, just set a fake email addresses for the email field on the SSO record and set the site’s disable emails
setting to either “yes”, or (probably better) “non-staff”. Then setup a DiscourseConnect provider site that allows for registration without an email address.
If possible, it’s probably safer to have staff accounts have real email addresses and receive emails from the site. For example, that will allow them to login via the /u/admin-login
route if there’s ever an issue with DiscourseConnect.