Symptoms
When building out a workflow in Designer and implementing a user event in the participation segment of the wizard a search for groups would not return anything
Diagnoses
K2 Appit uses security labels to distinguish where to get users and/or groups. In the case of AAD a forwarder is registered which points to the AAD security label plus name for the group/user. This forwarder allows K2 to search through groups on the AAD side of things, not just sharepoint. This forwarder was missing which means there was nothing to find AAD users or groups.
Resolution
To fix this the forwarder has to be created and forced in on the back end. This issue has been logged and is slated for update. This issue currently affects all onPrem set ups.