I am using Devise to authenticate and register users in my Rails app. However, I only want users who have an email with a specific ending to be able to sign up and access it (let's say @xyz.com). What do I need to do to reflect that?

If you want to restrict users access after the registration use before_filter:

before_filter :verify_email

private

def verify_email
  (redirect_to(root_path) unless current_user.email.include?('@xyz.com')
end

Edit: if you want to restrict registration you could just do a form validation to check whether the email matches your pattern

Devise offers a way to validate email addresses. Take a look to the documentation:

http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Validatable