PRODA to myID and RAM: The Complete NDIS Provider Setup Guide

Key Takeaways

• PRODA was removed as a login method for the myplace provider portal on 10 November 2025. All providers must now use myID and RAM (Relationship Authorisation Manager) to access both the myplace provider portal and the NDIS Commission portal.
• The transition period for the NDIS Commission portal ends 30 September 2026. After that date, providers who have not completed setup will lose access to registration management, incident reporting, and audit documentation through the Commission portal.
• myID has three identity strength levels: Basic, Standard, and Strong. Staff accessing NDIS portals need at least Standard identity strength. The principal authority who links the business in RAM requires Strong identity strength.
• Strong identity strength requires an Australian passport, either current or expired within the past three years, plus a biometric face scan. No other document combination achieves Strong.
• Sole traders must complete two separate tasks: setting up myID as an individual (the worker task) and linking their business in RAM and authorising their own myID to represent that business (the business task). Skipping either task blocks portal access.
• The most common setup failures are name mismatches across identity documents, using a work email address instead of a personal email when creating myID, and staff attempting portal login before the principal authority has created their RAM authorisation.
• If no director holds a current or recently expired Australian passport, another director who does can link the business and then authorise the passport-less director as an administrator.

PRODA is gone. From 10 November 2025, the Australian Government's Provider Digital Access system no longer works for NDIS portals. Providers who had not completed the transition by that date were locked out of the myplace provider portal (used for payment claims and service bookings) and the NDIS Commission portal (used for registration, incident reporting, and complaints). Many providers are still searching for clear setup guidance months later.

The system that replaced PRODA has two parts. myID is the Australian Government's Digital ID app, installed on your smartphone, that verifies your personal identity. RAM (Relationship Authorisation Manager) is the system that links your verified personal identity to the business you represent and controls what level of access you have in the portal. Both must be correctly set up before anyone at your organisation can log in.

This guide covers the setup process for sole traders and organisations, the three RAM authorisation levels and who needs each one, identity strength requirements including what to do if the principal authority does not hold a passport, and the errors that most commonly block access.

What Changed and Why

PRODA used a username and password approach to identity verification. The switch to myID and RAM brings NDIS system access into alignment with the Digital Identity Act 2024 framework, which sets consistent digital identity standards across federal government services. For providers, the practical result is stronger protection of participant data and no more shared team passwords.

For NDIS portals specifically:

• The myplace provider portal (payment claims, service bookings) moved to myID and RAM from 11 August 2025. PRODA access was removed on 10 November 2025.
• The NDIS Commission portal (registration management, incident reporting, complaints) is in a transition period. myID and RAM login is available now, and PRODA access will be fully removed by 30 September 2026.

If your organisation has already completed the transition, confirm that all staff who need portal access have their individual myID set up and are linked to your business in RAM. The most common post-setup gap is a team member whose myID is configured but whose RAM authorisation was never created by the principal authority.

The Two Systems: myID and RAM

myID: Your Personal Digital Identity

myID is an app (available for iOS and Android) that verifies who you are as an individual. It stores a verified digital identity against your personal email address. Every person who needs to access NDIS portals on behalf of your organisation must have their own myID account.

myID has three identity strength levels:

• Basic: Verified with name, date of birth, and email only. Insufficient for most NDIS portal access.
• Standard: Verified with at least two Australian government-issued identity documents. A driver's licence plus a Medicare card is the most common combination. A passport plus a Medicare card also satisfies the requirement. Standard identity strength is the minimum for most staff accessing NDIS portals.
• Strong: Verified with an Australian passport (current, or expired within the past three years) plus a biometric face scan. Required for anyone who will be the principal authority linking a business in RAM.

Use your personal email address when setting up myID, not your work or practice email. myID is a personal identity credential. If a staff member leaves your organisation, you remove their portal access by revoking their RAM authorisation, not by changing a shared password. Staff who set up myID with a work email create an account they may lose access to when their employment ends.

RAM: Your Business Authorisation

RAM (Relationship Authorisation Manager) links a verified individual identity to a business entity. Once a business is linked in RAM and staff authorisations are in place, each authorised person logs into NDIS portals using their personal myID and selects the business from their linked RAM entities.

RAM has three authorisation levels relevant to NDIS providers:

1. Principal Authority: The business owner or director who links the business to RAM. Must hold Strong identity strength. Can authorise other users and administrators. Every business must have at least one principal authority before any other authorisations can be created.
2. Authorised Administrator: Requires Standard or Strong identity strength. Can act on behalf of the business in portals and can also create and manage authorisations for other staff. The right level for practice managers or compliance officers who need to onboard new team members without involving the director each time.
3. Authorised User: Requires Standard or Strong identity strength. Can act on behalf of the business in portals, but cannot manage authorisations for others. Appropriate for clinical and administrative staff who need access for day-to-day portal tasks.

Setup for Sole Traders

Sole traders occupy an unusual position in the myID and RAM framework. You are simultaneously the individual who needs portal access and the principal authority of your business. You must complete both tasks.

1. Install the myID app on your personal smartphone (iOS or Android).
2. Set up myID using your personal email address, not your practice email.
3. Achieve Strong identity strength. As principal authority, you need an Australian passport (valid, or expired within three years) and a biometric face scan through the app.
4. Log into RAM using your verified myID.
5. Link your business to RAM using your ABN. RAM verifies your relationship to the ABN through Australian Business Register records.
6. Authorise your personal myID to represent your business. As a sole trader, you authorise yourself. This is a required step: the worker identity and the business entity must be formally linked in RAM before portal access is possible.
7. Access the NDIS portal using your myID, selecting your business from the RAM-linked entities.

If you do not hold an Australian passport and cannot achieve Strong identity strength, contact the RAM support line on 1300 287 539 (select option 3) before attempting workarounds.

Setup for Organisations

For organisations, the setup follows a fixed sequence. No staff member can access the portal until the principal authority has completed the business link in RAM and created their authorisation.

1. Identify the principal authority. This must be a director or owner of the business as recorded on the Australian Business Register. Choose someone who holds a current or recently expired Australian passport.
2. The principal authority sets up myID with Strong identity strength, using their personal email address, Australian passport, and the biometric face scan in the app.
3. The principal authority links the business in RAM using the ABN.
4. The principal authority authorises at least one authorised administrator, typically the practice manager or compliance officer, so they can manage future authorisations without the director's involvement each time.
5. Each staff member who needs portal access sets up their own myID with at least Standard identity strength. Standard requires two documents: a driver's licence plus a Medicare card is the most common combination.
6. The authorised administrator (or principal authority) creates a RAM authorisation for each staff member, specifying whether they are an authorised administrator or authorised user.
7. Staff access the portal by logging in with their myID and selecting the business from their RAM-linked entities.

If the principal authority receives a 401 Unauthorised error after completing RAM setup, clear your browser history and cookies, then log in again. This is the most commonly reported post-setup error and is almost always resolved by clearing the cache.

Common Errors That Block Access

Name mismatch across identity documents. If the name on your driver's licence differs from the name on your passport or Medicare card, myID will not verify you. If you have changed your name, a marriage certificate resolves this in most states and territories. A change of name certificate works in Tasmania, South Australia, the Northern Territory, and the Australian Capital Territory.

Work email for myID. Using a practice email address creates a credential tied to your employer rather than to you as an individual. When staff leave, those accounts become unusable and must be rebuilt from scratch. Use a personal email.

Staff attempting portal access before RAM authorisation is created. The system returns an error if a staff member's RAM authorisation does not yet exist. The principal authority or an authorised administrator must create the authorisation before the staff member attempts their first login.

No Australian passport for the principal authority. Strong identity strength cannot be achieved without an Australian passport. If the named director cannot satisfy this requirement, check whether another director holds a qualifying passport. That director can link the business in RAM and then authorise the original director as an authorised administrator, giving them full operational access. If no director holds a qualifying passport, contact the RAM support line on 1300 287 539 (select option 3).

For providers wanting to confirm their broader NDIS compliance position after completing portal setup, the NDIS compliance quiz provides a rapid gap assessment across registration, worker screening, and incident reporting obligations. Providers reviewing their registration status after the myID transition should also read our NDIS provider registration and compliance guide.

With portal access restored, providers preparing for registration renewal or an upcoming audit should review the NDIS audit preparation checklist to confirm all documentation and Practice Standards evidence is in order.

How ClinicComply Helps

Portal access is a gateway obligation: until it is resolved, providers cannot submit payment claims, manage registrations, or report incidents through the NDIS system. But the compliance obligations that sit behind that portal access are ongoing and layered.

ClinicComply tracks active NDIS compliance obligations in one place: worker screening records, incident reporting deadlines, registration renewal milestones, and policy review cycles. The task assignment features let you assign setup steps, documentation obligations, and compliance actions to specific team members, with automated reminders before deadlines pass.

For providers preparing for an NDIS audit or registration renewal, the evidence tracking features in ClinicComply let you store completed policies, staff screening clearances, and governance documents against the specific Practice Standards they satisfy. Use the compliance calendar to keep the 30 September 2026 Commission portal transition deadline and all other active NDIS obligations visible in one place. For downloadable NDIS policy templates, see the ClinicComply template library.

See the full feature set at cliniccomply.com.au/features, or start your free 30-day trial at cliniccomply.com.au/signup.

Frequently Asked Questions

Why was PRODA removed from NDIS portals?

PRODA used a username and password approach to identity verification, which the Australian Government decided to replace with a more secure national digital identity framework aligned with the Digital Identity Act 2024. The switch to myID and RAM provides consistent identity verification standards across federal government digital services and reduces the risk of credential sharing and unauthorised access to participant data.

Is PRODA completely gone for all government services?

PRODA has not been decommissioned as a system and can still be used for some other government services. However, it no longer works as a login method for NDIS provider portals. The myplace provider portal removed PRODA access on 10 November 2025. The NDIS Commission portal is in a transition period, with PRODA access scheduled for complete removal by 30 September 2026.

What is the difference between myID and RAM?

myID is your personal verified digital identity, held in an app on your phone and tied to your personal email address. It proves who you are as an individual. RAM (Relationship Authorisation Manager) is a separate system that connects your personal myID to a business entity and defines the level of access you have when acting on behalf of that business. Both are required: myID alone does not grant portal access, and RAM cannot function without a linked, verified myID.

What documents do I need for Standard identity strength in myID?

Standard identity strength requires at least two Australian government-issued identity documents with matching names. The most common combination is an Australian driver's licence and a Medicare card. A passport and a Medicare card also works. If your name does not match across documents due to a name change, a marriage certificate resolves this in most states and territories. A change of name certificate works in Tasmania, South Australia, the Northern Territory, and the Australian Capital Territory.

What if the principal authority at my organisation does not hold an Australian passport?

Strong identity strength, required to link a business in RAM as principal authority, can only be achieved with an Australian passport (current or expired within three years). If the named director does not hold a qualifying passport, check whether another director of the business does. That director can link the business in RAM and then authorise the original director as an authorised administrator, giving them full operational portal access. If no director holds a qualifying passport, contact the RAM support line on 1300 287 539 (select option 3) for specific guidance.

Can a sole trader use their business email to set up myID?

No. myID must be created with a personal email address. Using a business email creates a credential tied to the practice rather than to the individual, which causes problems when the business email address changes or the person moves to a different role. The myID app is a personal identity credential: sole traders should use their personal email, even though they are also the principal authority for their business entity.

What RAM authorisation level does a practice manager need?

Practice managers typically need Authorised Administrator level in RAM. This lets them act on behalf of the business in the NDIS portal and also create and manage authorisations for other staff, so they can onboard new team members without needing the director involved each time. Authorised User level is sufficient for clinical and administrative staff who only need portal access for standard tasks such as viewing service bookings, submitting payment claims, or checking participant plans.

What happens after 30 September 2026 if I have not completed the RAM transition?

After 30 September 2026, PRODA will be removed as a login method for the NDIS Commission portal. Providers who have not completed myID and RAM setup by that date will be unable to log into the Commission portal, which means no access to registration management, incident reporting, complaints handling, or audit documentation through the portal. Payment claims through the myplace provider portal have required myID and RAM since November 2025. There is no announced extension to the September 2026 deadline.

Who do I contact if I am still locked out after completing myID and RAM setup?

For issues with the myplace provider portal or payment-related portal access, contact the NDIA on 1800 800 110. For issues with the RAM system itself, including business authorisation setup or identity strength problems, contact the RAM support line on 1300 287 539 and select option 3. For NDIS Commission portal access issues, contact the Commission on 1800 035 544. If you receive a 401 Unauthorised error after setup appears complete, clear your browser history and cookies before calling support, as this resolves the error in most cases.