Is SAML support available in r80.10?
Hi.
I was reading sk98811 and tried to look up the same feature in R80.10, but no luck.
Any ideas where to look for it will be appreciated.
- Tags:
- saml
It is not currently supported in R80.x.
Any roadmap?
Also, if a customer has an AD server in Azure and is using ADFS, can we have an integration ready with Azure ADFS?
I believe there is a roadmap for both items, but no dates to share at this time.
Two years after this question was first asked, and still nothing formal on Roadmap or expected version of code? It's not in R80.30 or R80.40.
The challenge is that while RADIUS works, it precludes customers from using any U2F/FIDO2-style MFA tokens, which are more secure than traditional OTP-based tokens. The only secure option for customers at present is an MFA solution that supports Push notification, but that requires a smartphone with the app and available mobile phone data service. There are situations where phones are not allowed (manufacturing floors, for example) or where you don't have mobile coverage but would still have Internet (wired, dial-up, etc.). Additionally, there are situations where a user might not have a mobile phone or only have a personal one that doesn't support the necessary mobile app and you need to deploy a hardware token to the user or use a hardware token as a backup to the mobile app.
See: https://community.checkpoint.com/t5/Enterprise-Appliances-and-Gaia/Identity-Awareness-using-Azure-AD...
This has not made its way into the Remote Access clients yet.
While interesting, the remote access client is where it's really valuable. It's ultimately a matter of priorities, I guess. Other vendors have had SAML support in their clients for years.
To me, being unable to support U2F as an MFA token is a big miss for a company that prides itself on being on the leading edge of security.
It pains me to say it, but Check Point has really paid little attention to remote access security for the past 4-5 years. Even the Mobile Access SSL-VPN is very long in the tooth. Hotfix after hotfix just to be able to use it on modern systems and browsers. And not even included in the JHF, but as special MABDA hotfixes that required a reboot of a firewall to install. Finally showing up in R80.40.
It's just my personal opinion, but it feels like Check Point is just chasing butterflies and not paying enough attention to the fundamentals.
I would encourage you to discuss the requirements with your local Check Point office, which can help promote this.
I think it is important for support of new solutions like OKTA, DUO, etc.
Cisco, Fortinet & Palo Alto already have this feature available.
Believe this is now planned for R81.
Encourage you to get involved with the EA.
I'll certainly check out the EA, but we are still working through the planning for the R80.40 upgrade. Is there an overall timeline for when R81 will go GA? I assume that SAML support in the client will likely not make the first few GA releases given the late inclusion of it in the plan.
What is the best path to get confirmation on the roadmap and timing for this feature in R81? Through my account team?
Plan is end of September, however the more EA participants we get, the faster it can release.
More details about R81 EA here: https://community.checkpoint.com/t5/Product-Announcements/R81-EA-Program-Production/ba-p/86945
If you need a formal commitment for a particular feature, your best bet is your local account team.
I have read in the R81 Identity Awareness admin guide that SAML is supported on R81 using Captive Portal. Is this feature also available for the Endpoint Security VPN clients?
It’s planned for the near future but it will first come to the R80.40 JHF and later the R81 JHF.
If you need it now, we have a customer release available thru your local Check Point office.
Hello PhoneBoy,
do you have any news regarding this?
Kind Regards
Sasa
The status of this is unchanged.
I highly recommend engaging with your local Check Point office around this requirement.
