...
So you can get everything required with some digging in the GUI, and you end up with the information to create the metadata.
The most confusing part is that "domain prefix" it mentions, which has to be defined ahead of time to control where some of the built-in pages Cognito serves up will live. It's possible to define a fully custom domain in your own DNS for this, but the normal way appears to be to supply a value that ends up in their DNS and that you can basically grab first-come, first-serve in the regions.
Profile Requirements
The SAML SSO profile behavior is fairly standard and relies on signed responses and no encryption. The former is the Shibboleth default and the latter would require setting the Idp.encryption.optional property or disabling encryption for the service.
...