So I found a way to do this by creating a service that had a rule which triggered the [Allow Access Profile]. If I did not also specify a VLAN to return, it kept the native vlan of the port.
I ended up scrapping this for my solution entirely as the "allowed user vlan", or the vlan that had ACLs which allowed users to access business systems, ended up with thousands of users. Too many users, bad performance.
I ended up with going a Downloadable ACL route. The native port vlans were left as-is but a DACL was applied based on what role a user was mapped in the service configuration. I had the roles grabbing a user's domain authentication source. This method allowed me to secure access to and from the proper resources without needing to rearchitect our entire vlan structure.