How-to guides
NDISAllow a day; longer if identity documents need sorting

How to Set Up myID and RAM for the NDIS (PRODA Migration)

A step-by-step procedure for setting up myID and RAM so your team can access the NDIS portals after PRODA was retired: create each person's myID with a personal email, reach the identity strength the role needs, link your business in RAM, authorise the right people at the right level, then log in and confirm access before the cutover. Get the sequence right and the whole organisation is in; get it wrong and staff hit a wall at the login screen.

PRODA has been retired as a login method for the NDIS portals. Access now runs on two systems: myID (the Australian Government's Digital ID app, formerly myGovID, which verifies you as an individual) and RAM, the Relationship Authorisation Manager, which links your verified identity to the business you represent and sets your level of access. Both must be set up, in order, before anyone at your organisation can log in. This guide walks the setup. For your wider registration obligations once you are back in the portal, see the NDIS provider compliance pillar.

Before you begin

Decide who your principal authority will be: a director or owner as recorded on the Australian Business Register, ideally someone who holds a current Australian passport (or one expired within the past three years), because that person needs the highest identity strength. Have your ABN to hand, and make sure every person who will need portal access has a personal email address and their identity documents ready. The setup has a fixed sequence, so confirming these prerequisites first is what prevents a half-finished application.

A note on who does what: a sole trader is both the individual needing access and the principal authority of the business, so you complete both the personal myID task and the business RAM task yourself. An organisation splits these across the principal authority and each staff member.

Step 1: Set up myID with a personal email

Install the myID app (iOS or Android) on each person's phone and create their myID using a personal email address, not a work or practice email. Every individual who needs portal access has their own myID; it is a personal credential, not a shared team login.

Use a personal email deliberately. A myID tied to a work address becomes unusable when the person changes role or leaves, and has to be rebuilt from scratch. When someone leaves, you remove their access by revoking their RAM authorisation, not by changing a password.

Step 2: Reach the identity strength your role needs

myID has three strength levels, and the level you need depends on your role. Most staff need Standard, which is verified with two Australian government documents (a driver's licence plus a Medicare card is the usual combination; a passport plus a Medicare card also works). The principal authority who will link the business in RAM needs Strong, which requires an Australian passport (current or expired within three years) plus a biometric face scan in the app. No other document combination reaches Strong.

If the named director cannot reach Strong because they hold no qualifying passport, check whether another director does: that director can link the business and then authorise the passport-less director as an administrator. If no director qualifies, call the RAM support line on 1300 287 539 (option 3) before attempting workarounds.

Step 3: Link your business in RAM

The principal authority logs into RAM with their verified myID and links the business using its ABN. RAM confirms the relationship to the ABN through Australian Business Register records, so the person doing this must be recorded against the business there. This step can only be done by the principal authority, and it must happen before any staff authorisations exist.

A sole trader does the same: link the business by ABN, then authorise your own myID to represent it. That self-authorisation is a required step, not an optional one, because the worker identity and the business entity have to be formally connected in RAM before portal access works.

Step 4: Authorise the people who need access

With the business linked, the principal authority (or an authorised administrator) creates a RAM authorisation for each person, at the right level. An authorised administrator can act in the portal and manage other people's authorisations: the right level for a practice manager or compliance officer who onboards staff. An authorised user can act in the portal but cannot manage others: the right level for clinical and administrative staff. Authorise at least one administrator early so the director is not in the loop for every future staff change.

Sequence matters here. A staff member who tries to log in before their authorisation has been created will hit an error, so create the authorisation first, then have them log in. This is the single most common reason a correctly set-up myID still cannot reach the portal.

Step 5: Log in, verify access, and complete the cutover

Each authorised person logs into the NDIS portal with their myID and selects the business from their RAM-linked entities. Confirm that everyone who needs access can actually reach the portals they use: the myplace provider portal (payment claims and service bookings) and the NDIS Commission portal (registration, incident reporting, complaints). If someone hits a 401 Unauthorised error after setup looks complete, clear the browser history and cookies and log in again, which resolves it in most cases.

Treat the cutover as a hard deadline, not a someday task. The myplace provider portal has required myID and RAM since November 2025, and PRODA access to the NDIS Commission portal is being removed at the end of the transition period (the announced date is 30 September 2026, with no extension flagged). Keep that date visible with the compliance calendar alongside your other NDIS obligations, and once access is confirmed, move on to your registration and audit work using the register as an NDIS provider guide.

What good looks like

  • Every person has their own myID, created with a personal (not work) email.
  • The principal authority holds Strong identity strength via an Australian passport.
  • The business is linked in RAM by the principal authority before any staff logins.
  • At least one authorised administrator exists, so staff changes do not need the director each time.
  • Every authorisation is created before the staff member's first login attempt.

Common mistakes: using a work email for myID, a name that does not match across identity documents (a marriage or change-of-name certificate usually resolves this), staff trying to log in before their RAM authorisation exists, and assuming the principal authority can use anything other than an Australian passport to reach Strong.

Frequently asked questions

What is the difference between myID and RAM?

myID is your personal verified digital identity, held in an app on your phone and tied to your personal email; it proves who you are. RAM (Relationship Authorisation Manager) connects your myID to a business and sets your level of access when acting for it. Both are required: myID alone does not grant portal access, and RAM cannot work without a linked, verified myID.

What documents do I need for Standard identity strength?

At least two Australian government-issued documents with matching names. The most common combination is a driver's licence and a Medicare card; a passport and a Medicare card also works. If your name differs across documents because of a name change, a marriage certificate resolves it in most states and territories, and a change of name certificate works in Tasmania, South Australia, the Northern Territory, and the ACT.

What if our principal authority does not hold an Australian passport?

Strong identity strength can only be reached with an Australian passport (current or expired within three years), so a director without one cannot be the principal authority. Check whether another director holds a qualifying passport: they can link the business in RAM and then authorise the original director as an administrator. If no director qualifies, call the RAM support line on 1300 287 539 (option 3).

Can a sole trader use their business email to set up myID?

No. myID must be created with a personal email address, because it is a personal credential. A business email creates an account tied to the practice that fails when the email or the person's role changes. Sole traders use a personal email even though they are also the principal authority for their business.

What happens after the PRODA transition deadline?

Once PRODA access to the NDIS Commission portal is removed (the announced date is 30 September 2026), providers who have not completed myID and RAM setup lose access to registration management, incident reporting, complaints, and audit documentation through that portal. The myplace provider portal has already required myID and RAM since November 2025, so completing setup is a gateway to claiming and reporting, not an optional upgrade.

Who do I contact if I am still locked out after setup?

For the myplace provider portal or payment-related access, contact the NDIA on 1800 800 110. For RAM itself (business authorisation or identity strength), call 1300 287 539 and select option 3. For NDIS Commission portal access, contact the Commission on 1800 035 544. If you see a 401 Unauthorised error after setup looks complete, clear your browser history and cookies before calling, as that fixes it in most cases.

Last reviewed

30-day free trial, no credit card

Be the practice the assessor compliments.

Set up your frameworks this weekend. Walk into your next visit with every criterion linked to current evidence, and nothing left to chase.

Start your 30-day free trialBrowse free templates
No credit card required
Australian data residency (Sydney)
Cancel anytime