I'm now able to do a Remote Access authentication with SAML to Azure AD, and the authorization is now also possible through SAML.
That was the "trickiest" part for me, because the documentation from Check Point is not really helpful, especially for the authorization.
I've added here a PDF file. It's based on the R81.20 Remote Access documentation with some additional information from me. I'm using R81.20, because I do not need any additional script installation.
I spent so much time troubleshooting, because the documentation for the authorization is really bad. I was so disappointed that I needed some time to "calm down".
Hint:
The downside of this implementation is that you have to configure two "identical" groups in your Access Role when you want to use Identity Awareness and Remote Access for the same users...
That means:
For Identity Awareness (Browser-Based Authentication) you can use the native AAD groups (which are imported through the App Registration), and for Remote Access you have to use internal user groups in the syntax "EXT_ID_" followed by the AAD role name.