Based on your description, it sounds like individual users are being assigned a single device which is distributed from or available in a pool of devices. Not the purpose of your request, but that's not really ideal, in my opinion. You're mixing management methods with enrollment methods, in other words.
If you transition to shared devices which require enrollment at point of distribution, you will work-around the requirement, potentially.
That said, the creation of profiles and smartgroups via REST is possible but you will need to work on the code. I didn't see any samples on the EUC github. You won't get around having 40 profiles though, even if you automate the creation flow by scripting their creation. The device requires the proper profile for displaying the lock screen content and the variable information doesn't refresh if the variable information changes. The profile is still "current" on the device as far as WS1 is concerned even if the variable information {Username} is not.
https://resources.workspaceone.com/view/zv5cgwjrcv972rd6fmml/en may help.