Unfortunately, you aren't going to find any straightforward docs from Microsoft on integrating with Knack. I personally did not use SAML, so I can't speak much to that exact setup. I used OAuth 2.0. I figure the process is probably relatively similar, just with different endpoint URLs and certs instead of secrets. This is how I did it for OAuth.
In the Azure AD Portal:
Create a new app registration. Under Authentication, set the redirect URI to the base URL of your application. I have two, one without the closing slash and one with, to handle however the user types it.
Also enable implicit grant:
Go to Certificates and Secrets. Generate a new client secret. This is the one you will use in Knack.
Go to API Permissions and add https://graph.microsoft.com/User.Read as a delegated permission. Go ahead and grant admin consent for your organization as well.
You can also go ahead and modify the enterprise application entry as well if you want to restrict the login to certain users in your org.
Hope this helps!
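
A check of the registration against the steps in this answer, as an added example that is not part of the original post: it reads a Microsoft Graph `application` object (the JSON returned by `GET /applications/{id}`) and lists which steps are missing. It assumes the redirect URIs sit under the Web platform and accepts either implicit-grant token type, since the post names neither; the sample object and `app.example.com` are constructed.

```python
from datetime import datetime, timezone

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph
USER_READ_ID = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"  # User.Read (delegated)

def audit_registration(app, base_url, now=None):
    """Return the steps from the post that this app registration is missing."""
    now = now or datetime.now(timezone.utc)
    findings = []
    web = app.get("web") or {}
    # Redirect URI: base URL both with and without the closing slash.
    base = base_url.rstrip("/")
    uris = set(web.get("redirectUris") or [])
    for wanted in (base, base + "/"):
        if wanted not in uris:
            findings.append(f"redirect URI missing: {wanted}")
    # Implicit grant: the post does not say which token type, so accept either.
    implicit = web.get("implicitGrantSettings") or {}
    if not (implicit.get("enableIdTokenIssuance") or implicit.get("enableAccessTokenIssuance")):
        findings.append("implicit grant not enabled")
    # Client secret: at least one credential that has not expired.
    def expiry(cred):
        # Graph timestamps may carry fractional seconds; keep whole seconds only.
        stamp = cred["endDateTime"][:19]
        return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    if not any(expiry(c) > now for c in app.get("passwordCredentials") or []):
        findings.append("no unexpired client secret")
    # API permission: User.Read on Microsoft Graph as a delegated ("Scope") entry.
    granted = any(
        r.get("resourceAppId") == GRAPH_APP_ID
        and any(a.get("id") == USER_READ_ID and a.get("type") == "Scope"
                for a in r.get("resourceAccess") or [])
        for r in app.get("requiredResourceAccess") or [])
    if not granted:
        findings.append("User.Read delegated permission missing")
    return findings

# Constructed sample; the URL is a placeholder, not a real tenant or app.
SAMPLE = {
    "web": {"redirectUris": ["https://app.example.com"],
            "implicitGrantSettings": {"enableIdTokenIssuance": True}},
    "passwordCredentials": [{"endDateTime": "2020-01-01T00:00:00Z"}],
    "requiredResourceAccess": [{"resourceAppId": GRAPH_APP_ID,
        "resourceAccess": [{"id": USER_READ_ID, "type": "Scope"}]}],
}

if __name__ == "__main__":
    for finding in audit_registration(SAMPLE, "https://app.example.com/"):
        print(finding)
```

Admin consent and the enterprise application's user restrictions are stored on other Graph objects, so this check does not cover them.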