Instead of the vCenter hostname, use the loadbalancer hostname in the URL
https://loadbalancer-xyz/usergroup/t/CUSTOMER/scim/v2
Configure the load balancer to forward SCIM push data to the vCenter while setting the correct host header value. The host header should be hostname of the vCenter.
This is an example using HA Proxy.
vc01.domain.com is the vCenter
haproxylb01.domain.com is the load balancer
For other load balancers from other vendors, the configuration may vary:
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
# http-request set-header Host vc01.domain.com
frontend vcenter-frontend-443
bind <LB IP Address>:443 ssl crt /etc/haproxy/vcenter-frontend-443.pem
option http-server-close
option forwardfor header <LB IP Address>,haproxylb01.domain.com
stats uri /haproxy?stats
acl scim_path path -i -m sub /usergroup/t/CUSTOMER/scim/v2/
use_backend vcenter-backend-443 if scim_path
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend vcenter-backend-443
mode http
http-request set-header Host vc01.domain.com <VC IP Address>