We have hundreds of thousands of users that is going to use okta to login through okta CIAM widget. What Okta will give us is an OAuth token.
We do not want to create these user profiles in AEM as that will be very heavy for AEM. These users are in 4 categories ; Can I create generic user profile in for these user categories and use that in place for managing AEM ACLs
Our Okta authentication will happen from browser itself, we will have an OAuth token back from them that we can pass to AEM , we can indicate the user group in the OAuth token itself or as a header parameter to AEM page request.