# MDM Sign-In Enforcement

Secure your organization by requiring Raycast users on managed Macs to sign in with an approved work email, using MDM solutions to enforce seamless compliance.

> [!NOTE]
> Some Teams features are available in Raycast for Mac V2 and Windows, with full support coming in future updates. Raycast V1 and iOS remain unchanged.

Enforce that your organization members are logged in to their Raycast client with your organization's email. This is configured through an MDM (Mobile Device Management) configuration profile deployed by your IT team to managed Macs.

When the MDM profile is deployed with the `RequiredSignInDomain` key set to your organization's domain, Raycast will:

- Block access to the client until the user logs in with an account matching the required domain (see image below).
- Show an error if a user attempts to log in with an account from a different domain.
- Disable the log out option to prevent users from bypassing the enforcement.

<Image
  src="/images/teams/mdm-sign-in-enforcement-1.png"
  alt="Raycast MDM sign-in enforcement screen"
/>

This is compatible with any MDM solution that supports managed preferences on macOS (e.g., Jamf, Kandji). The MDM profile is deployed by your IT team, Raycast respects the configuration when present. This follows Apple's standard managed app configuration framework.

This ensures that enterprise management settings configured in the Organization Settings are always applied, and prevents users from using Raycast outside of your organization's control.


---

## Need Help?

Contact Raycast Support if you have any questions or would like help with MDM Sign-In Enforcement. Use the **Send Feedback** command directly in Raycast to report bugs and billing issues, log feature requests, or any other queries you would like to speak to us about.

You can view all Raycast Support contact options at https://manual.raycast.com/contact-support