It depends. Does your environment already run ADFS or some other product that can talk SAML?
If you're already leveraging SAML in your institution then you can take advantage of true SSO. If not then just authenticate using LDAP. A SAML Identity Provider is not a trivial thing to get up and running. Of course, I'm assuming that your splunk instance is on-premise or, if it's splunk cloud, then your security policy allows ldap connections from outside your domain.
SAML is definitely something to look into (in the future) as it's inherently more secure.