You don't need any particular license to be able to authenticate using SAML to Azure AD. However, to enable a conditional access policy to require MFA, you do need at least an Azure AD P1 license. Our users get that as part of the M365 Business Premium, so we did not need to purchase that separately. The link below helped me set up the SAML authentication part:
AnyConnect Azure AD SAML Configuration - Cisco Meraki
Then the conditional access policy to require MFA is also pretty straight forward once you have the license to enable it. In Azure AD, when you're inside the Cisco AnyConnect application that you configured in the previous step, you can click on the Conditional Access tab and it will then create a new policy that is limited in scope to the AnyConnect application only. Add your users and your conditions and you should be ready to test it out.