Authorize Azure resources without Azure Active Directory, using only an Okta access token generated on the client side

As per the customer, for authentication and authorization they were planning to replace Azure Active Directory with Okta as an identity provider.


1. Can we assign a managed identity to each service if we use Okta?

2. If we use Okta, can we use RBAC to control access between Azure services and user groups? If yes, can we use the existing roles defined in Azure, or do we need to set up roles and permissions in Okta?

3. How can we achieve authorization for Azure resources, like APIM and Graph API, if we go with an Okta-provided token?