Hello Gang
When you have SSO configured in Harness using Azure AD, you may encounter the following error when trying to provision a group and/or user:
The Group "test" will be skipped due to the following reasons:
1) This object is not assigned to the application. If you did not expect the object to be skipped, assign the object to the application or change your scoping filter to allow all users and groups to be in scope for provisioning.
2) This object does not have required entitlement for provisioning. If you did not expect the object to be skipped, update provisioning scope to "Sync all users and groups" or assign the object to the application with entitlement of provisioning category
This happens because of the Scope configured in your provisioning configuration on your app. This field selects whether to synchronize only those users and groups assigned in the Users and Groups section or to synchronize all users and groups in the directory.
Note that both options are subject to any scoping filters defined in the Mappings section, which can additionally limit which users, groups, and attributes are synchronized.
In that case, you can go to your provisioning configuration on your Enterprise App used for your SSO configuration and edit it to check which option you are using:
On this page, if the Scope is set to Sync only assigned users and groups, you will need to add the User or Group to the Users and groups section in your Azure App:
After that, your resource will be provisioned on Harness through SCIM successfully.
Note:
Another option in this case is to change the Scope to Sync all users and groups. But beware: as the option suggests, all users and groups within your Azure directory will be synced and imported into Harness via SCIM, without the need to add the resource in the Users and groups section of the Azure application.
Official Azure SCIM doc:
See you
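
An added example, not part of the original post: a small offline Python model of the scoping decision behind the two reasons in the error above, run on constructed data shaped like Microsoft Graph's `appRoleAssignedTo` response. It ignores the scoping filters from the Mappings section, the Default Access rule comes from Microsoft's provisioning documentation rather than this post, and every id and name is made up.

```python
# Added example: models the Scope decision on constructed data (not Harness or Azure code).
DEFAULT_ACCESS = "00000000-0000-0000-0000-000000000000"  # "Default Access" app role id
NOT_ASSIGNED = "not assigned to the application"
NO_ENTITLEMENT = "no entitlement for provisioning"

# Constructed sample, shaped like GET /servicePrincipals/{id}/appRoleAssignedTo
ASSIGNMENTS = [
    {"principalId": "g-1", "principalDisplayName": "platform-admins",
     "principalType": "Group", "appRoleId": "11111111-1111-1111-1111-111111111111"},
    {"principalId": "g-2", "principalDisplayName": "contractors",
     "principalType": "Group", "appRoleId": DEFAULT_ACCESS},
]

# Constructed directory listing; "test" is the group from the error message.
DIRECTORY = [
    {"id": "g-1", "displayName": "platform-admins"},
    {"id": "g-2", "displayName": "contractors"},
    {"id": "g-3", "displayName": "test"},
    {"id": "g-4", "displayName": "finance"},
]

def skip_reasons(object_id, assignments, scope="assigned"):
    """Return why an object would be skipped; an empty list means it is in scope."""
    if scope == "all":          # "Sync all users and groups": assignment is not required
        return []
    mine = [a for a in assignments if a["principalId"] == object_id]
    if not mine:                # unassigned objects get both reasons, as in the post
        return [NOT_ASSIGNED, NO_ENTITLEMENT]
    if all(a["appRoleId"] == DEFAULT_ACCESS for a in mine):
        return [NO_ENTITLEMENT] # assigned, but only with the Default Access role
    return []

def in_scope(directory, assignments, scope):
    """Display names that would be provisioned under the given Scope setting."""
    return [o["displayName"] for o in directory
            if not skip_reasons(o["id"], assignments, scope)]

def newly_exposed(directory, assignments):
    """Objects that start syncing if Scope is switched from assigned-only to all."""
    before = set(in_scope(directory, assignments, "assigned"))
    return sorted(set(in_scope(directory, assignments, "all")) - before)

if __name__ == "__main__":
    for obj in DIRECTORY:
        print(obj["displayName"], skip_reasons(obj["id"], ASSIGNMENTS) or "in scope")
    print("Added by 'Sync all':", newly_exposed(DIRECTORY, ASSIGNMENTS))
```

Running `newly_exposed` against an export of your own directory before changing the Scope shows exactly which extra groups would land in Harness.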