Government agencies increasingly rely on third parties (providers, vendors, partners) to deliver services—yet the identity lifecycle for external users often becomes a friction point and a risk amplifier. This session examines common breakdowns across organization onboarding, user onboarding, role/access requests, and recertification, drawing on lessons from operating and reimaging a complex external registration experience that was “not user-friendly,” drove confusion, and increased support burden. We’ll walk through a practical modular approach to modernizing third-party identity processes, starting with organization onboarding: implementing a flexible organization data model (multi-location/multi-facility), synchronization with authoritative registries, and automated validation/matching to reduce re-registration and improve data quality. From there, we’ll address user onboarding controls that strengthen assurance without sacrificing usability—identity proofing to prevent synthetic accounts, restrictions on disposable emails, and location-based validation checks to detect anomalous access patterns during registration/authentication. Finally, we’ll discuss how this foundation can fuel an integrated third party cyber risk management improving risk-based decisioning.