Hello Anwar - thanks for your question - here is what I know; however, I am not sure if SAML auth affects this process in any way.
So as long as SAML auth does not affect this:
(1) - Technically, you don't have to - see #2 - (unless you want to bring in other user attributes that UDC provides from the LDAP source).
(2) - If you do not bring in the users via UDC, users can access the Qlik Sense hub URL; they will either be prompted to log in or perhaps be authenticated already - through SAML. Their user id SHOULD be written to the repository automatically and be accessible in the QMC under users, then you can apply your appropriate access. Only thing is that it only brings in the user id and nothing else. It may also be possible programmatically through our APIs, but I am not sure about that. I added flp to the thread to see if he might be able to provide some input.
(3) - Yes - you can use attributes in security rules, I believe, if pulled in by UDC.