Perhaps the easiest way is first to configure SAML on your deployer. Then copy the $SPLUNK_HOME/etc/system/local/authentication.conf file to $SPLUNK_HOME/etc/shcluster/apps/org_SAML_auth/default. Use the splunk apply shcluster-bundle command to send the app to SHC members. After that is done you can turn off SAML on the deployer, if you wish.
--- If this reply helps you, an upvote would be appreciated.