The documentation indicates that Splunk Cloud supports encrypted assertions with SAML SSO:
https://docs.splunk.com/Documentation/SplunkCloud/8.2.2202/Security/HowSAMLSSOworks "Configure automatic decryption of SAML assertions from an IdP"
However, the instructions for obtaining the Splunk instance's encryption certificate appear to be for Splunk Enterprise installs, not for Splunk Cloud. For example, "On your Splunk platform instance, change to the $SPLUNK_HOME/etc/auth directory."
A little help?