New System to Apply for a Connexion User ID

The Enterprise Identity Management (EIDM) system, which is used to apply for a user identification (ID) to access Centers for Medicare & Medicaid Services (CMS) applications including Connexion, the Durable Medical Equipment, Prosthetics, Orthotics, and Supplies (DMEPOS) Competitive Bidding Program’s (CBP’s) secure portal, and the DMEPOS Bidding System, DBidS, is moving to a new system called CMS Identity Management (IDM) on January 25, 2021.

CMS IDM Migration Preparation:

Your EIDM account will automatically migrate to CMS IDM if you have an active user role. However, to prepare for migration, please sign in to your EIDM account and:

  • Confirm your access is up to date;
  • Confirm your email address is correct;
  • Note your current challenge questions and security answers; and
  • Act on any pending requests you may need to approve or reject (pending role requests will not migrate over).

If any of your information is not up to date in EIDM, please correct it before the migration.

What will Migrate to CMS IDM What will NOT Migrate to CMS IDM
User ID Selected Multi-Factor Authentication (MFA) devices (user’s email address will be set as the default)
Password Pending role requests
Email address  
Personal information (i.e., street address, work address, and Social Security number)  
Approved roles and attributes (i.e., contract number or state) within the application  
Level Of Assurance (LOA) status – if you already passed Remote Identity Proofing, then you would not need to do so again  
One of your three security challenge questions and answers  

Note: CMS IDM does not allow the modification of names, user IDs, or personally identifiable information, except for limited exceptions. If you are not able to access your account after the CMS IDM migration, you will need to call the Competitive Bidding Implementation Contractor (CBIC) customer service center at 877-577-5331 between 9 a.m. and 5:30 p.m. prevailing Eastern Time, Monday through Friday.

First Login Post Migration:

Beginning Monday, January 25, 2021, you will continue to navigate to the Registration page on the CBIC website and will enter the user ID and password you previously used with EIDM. Once you log in, you will see the CMS IDM Self Service page.

Changes to Multi-Factor Authentication (MFA):

If you have MFA set up on your account, at migration your email address will be the default MFA device. After a successful login, you will be able to add other MFA devices. CMS IDM only allows one MFA device per factor (i.e., you can only list one cell phone number for Short Message Service - SMS).

Available MFA Options
Email (default option sent to account on file)
SMS Text
Interactive Voice Response (IVR)
Google Authenticator (new smartphone application and Chrome browser plug-in)
Okta Verify (new smart phone application)

Note: The CMS IDM system will no longer support Symantec VIP Access or the use of one-time security codes.

Once you sign in using email for the initial MFA code, you can access your My Profile screen to register or re-register devices.

Changes to Security Question and Answer (SQA):

After the migration, you will be prompted on your initial login to define an SQA. IDM only has one security question versus the three required in EIDM. Security questions are no longer case sensitive.

Note: Users who do not set up their SQA will be unable to reset their password, as the SQA is required to complete self-service functions (i.e., password reset, unlock accounts).

Changes for Users with DBidS Roles:

As bidding for Round 2021 is complete, authorized official/backup authorized official/end user roles for DBidS will not be migrated. Any profiles associated with DBidS roles will be migrated, so you will not need to create a new user ID.  If you do not have any roles on your profile and you do not log in to CMS IDM for one year, your profile will be removed and you will then need to create a new user ID.


The CBIC, under contract with CMS, is the official source for information regarding the DMEPOS CBP. CMS cautions suppliers that neither CMS nor the CBIC independently reviews or verifies information about potential inaccurate information concerning the DMEPOS CBP posted on websites other than the CBIC website or CMS.gov website. Visit the CBIC website for valuable resources and tools and to subscribe to Email Updates.

eChat is available.

Updated: 01/08/2021