Restrict Service-Now Access on Non-Company Devices

Bilal Ahmed
Kilo Contributor

Hello,

Is there a way in Service-Now to restrict access to company devices only, e.g. domain-joined devices etc.? Currently our URL is accessible on the public network from any device.

11 REPLIES

Ian Mildon
Tera Guru

This is not something I've ever tried but it sounds like you are wanting to query the connecting device to see if it exists in your CMDB.

One thing I can think of that might be worth investigating further is Installation Exits (these two links can give more details):

Redirecting user logons

Installation exits | ServiceNow Docs

mrkesu
Giga Contributor

I am going to make an assumption that you are running Active Directory.

If you don't already have Azure AD then I would suggest to get on that, because you can achieve everything you want through that (with ServiceNow and any other application that they support, which is a huge list.)

Basically, you'd set up Single Sign-On for ServiceNow through Azure AD, then you can set up conditional access.

With Conditional Access you can set up device compliance verification like patch-level, settings, AD-joined etc., but you can also set up Two-Factor. So, for example, if you have some users that need to be able to access on "any" device then they could get Two-Factor (or no conditional access at all), while the rest of your organization could have basic AD-joined verification.
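The split described in the reply above (managed-device check for most users, Two-Factor for an exception group), sketched with the Microsoft Graph PowerShell SDK as an added example that is not part of the original post. It assumes ServiceNow sign-in goes through an Azure AD enterprise application; every ID is a placeholder, and the policies are created in report-only mode.

```powershell
# Added example. All IDs are placeholders, not values from this thread.
# Needs the Microsoft.Graph.Identity.SignIns module.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess','Policy.Read.All','Application.Read.All'

$serviceNowAppId = '<SERVICENOW-ENTERPRISE-APP-ID>'   # appId of the ServiceNow enterprise app
$anyDeviceGroup  = '<ANY-DEVICE-GROUP-OBJECT-ID>'     # users allowed on unmanaged devices
$breakGlassGroup = '<BREAK-GLASS-GROUP-OBJECT-ID>'    # emergency accounts, excluded everywhere

# Policy 1: everyone except the exception group needs a managed device.
# 'compliantDevice' = marked compliant by Intune; 'domainJoinedDevice' = hybrid AD-joined.
$devicePolicy = @{
    displayName   = 'ServiceNow - require managed device'
    state         = 'enabledForReportingButNotEnforced'   # report-only until sign-in logs look right
    conditions    = @{
        applications   = @{ includeApplications = @($serviceNowAppId) }
        users          = @{
            includeUsers  = @('All')
            excludeGroups = @($anyDeviceGroup, $breakGlassGroup)
        }
        clientAppTypes = @('all')
    }
    grantControls = @{
        operator        = 'OR'   # either control satisfies the policy
        builtInControls = @('compliantDevice', 'domainJoinedDevice')
    }
}

# Policy 2: the exception group may use any device but must pass Two-Factor.
$mfaPolicy = @{
    displayName   = 'ServiceNow - MFA for any-device group'
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        applications   = @{ includeApplications = @($serviceNowAppId) }
        users          = @{
            includeGroups = @($anyDeviceGroup)
            excludeGroups = @($breakGlassGroup)
        }
        clientAppTypes = @('all')
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('mfa') }
}

foreach ($policy in $devicePolicy, $mfaPolicy) {
    New-MgIdentityConditionalAccessPolicy -BodyParameter $policy |
        Select-Object Id, DisplayName, State
}
```

Conditional Access only evaluates sign-ins that pass through Azure AD. Switch `state` to `enabled` after the report-only results in the sign-in logs match expectations.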

 


Thanks Mrkesu,

We have both AD and Azure AD, and it seems like this is the only option we have for now. One caveat is that we use ADFS for SSO and not Azure AD. Do you know if there is a way to use ADFS for SSO with Azure conditional access?

Unfortunately I'm not sure about that. I'm not the AD or Azure admin, so it's a bit outside my expertise.

Bilal Ahmed
Kilo Contributor

Hi All,

I am also thinking about doing something different and would appreciate if someone can confirm if this is possible.

Currently our service-now URL is https://<companyname>.service-now.com. I read that we can use a custom URL on our own domain e.g. https://servivenow.companydomain.com. Is this true?

If this is true, I also read, each URL has a dedicated VIP (IP address) from service-now side. Is this true?

Again, if the above are true, can I use my internal DNS to add a record for this custom URL against the dedicated VIP? In this way, it will only be resolved internally and access from outside of our network will be restricted automatically.

Can someone please confirm if this is possible?