Update use-scim-to-provision-users-and-groups.md

Author: ArvindHarinder1

articles/active-directory/app-provisioning/use-scim-to-provision-users-and-groups.md

@@ -1198,8 +1198,8 @@ The SCIM spec does not define a SCIM-specific scheme for authentication and auth
 [!NOTE] It's not recommended to leave the token field blank in the Azure AD provisioning configuration custom app UI. The token generated is primarily available for testing purposes.
 
 **OAuth authorization code grant flow:** The provisioning service supports the [authorization code grant](https://tools.ietf.org/html/rfc6749#page-24). After submitting your request for publishing your app in the gallery, our team will work with you to collect the following information:
-*  Authorization URL: A URL by the client to obtain authorization from the resource owner via user-agent redirection. The user is redirected to this URL to authorize access. 
-*  Token exchange URL: A URL by the client to exchange an authorization grant for an access token, typically with client authentication.
+*  Authorization URL: A URL by the client to obtain authorization from the resource owner via user-agent redirection. The user is redirected to this URL to authorize access. Note that this URL is currently not configurable per tenant.
+*  Token exchange URL: A URL by the client to exchange an authorization grant for an access token, typically with client authentication. Note that this URL is currently not configurable per tenant.
 *  Client ID: The authorization server issues the registered client a client identifier, which is a unique string representing the registration information provided by the client.  The client identifier is not a secret; it is exposed to the resource owner and **must not** be used alone for client authentication.  
 *  Client secret: The client secret is a secret generated by the authorization server. It should be a unique value known only to the authorization server.