You should look into the Virtual Roles concept. You can create roles in Episerver that you can set page/functionality access restrictions for, but that don't require you store the users in Episerver.
Let's say an external user is authenticated at the external site, and you want them to have access to your Episerver site with a certain set of user permissions.
If you can pass along some token to Episerver that says the user is authenticated, you can have code that puts the user in one of your virtual roles in Episerver.
Here are some links on this subject:
I need solution on the following scenario