Background: Some customers might meet "Failed to get group information" when selecting sync scope "Sync only assigned groups and users". This article explains how to troubleshoot in this case.
How to fix
1. Check API permissions
To obtain group info, it is necessary to configure some extra permissions Group.Read.All and GroupMember.Read.All in Azure. Please go to All applications → choose your Admin Console app→ API permissions, add these two permissions.
Make sure below three permissions are granted. For more details, please refer tohttps://kb.foxitsoftware.com/hc/en-us/articles/7399746625556-Microsoft-Azure-Active-Directory-SAML-SSO-2-0-user-sync-configuration. 
2. Sign out admin console then sign in, try to get group info again.
