The URL to verify authentication has been removed from config user saml and replaced by config user external-identity provider.

7.2.7 and earlier:

config user saml
    edit <name>
        set auth-url <string>
    next
end

7.2.8 and later:

config user external-identity-provider
    edit <name>
        set type ms-graph
        set version v1.0
    next
end

After the external identity provider is set, make sure that the existing user group has both the SAML server and the external identity provider as members:

config user group
    edit <group>
        set member <saml server> <id provider>
    next
end