I know it's a lot easier to manage with WCS as you can import a file with the macs of the APs, but on the controller you will need to go to Security / Ap Policies, and add the macs of the APs for your 50 devices. Then you'll need to check the box to "Authorize MIC APs against auth-list or AAA". The auth doesn't happen until the AP joins, so if there is a problem, you won't see it until the next time the APs reboot. If you have older APs that don't have MICs, then the add step is a little different, but newer APs just need the macs.
Make sure the 8 APs connect to the controller. Configure them as H-REAPs and make the other 50 APs join the controller blocking the 8 from joining. Now the 8 should be stranded and going into WAN down, local switching mode. If your version of code supports AP priority (I don't think it does) then you could set up higher priority for those 50 and a slightly lower priority for the 8. When you need to configure your H-REAPs drop a couple of the 50 APs down a couple of priority levels and your H-REAPs should rejoin. Once your done drop disconnect your H-REAPs and let the other APs rejoin and reset the priority.
Don't do this during production time because it will drop clients. Or, just buy another controller. Also, don't blame me if this doesn't work because I've never tested or done this before.