diff --git a/config.yaml b/config.yaml
index 2c2a6f71..c6f1d484 100644
--- a/config.yaml
+++ b/config.yaml
@@ -107,6 +107,16 @@ options:
     type: int
     default: 60
     description: Amount of time (in seconds) the catalog should be cached for.
+  identity-cache-expiration:
+    type: int
+    default:
+    description: |
+      Amount of time (in seconds) user identity information should be cached
+      for. This impacts user information such as email and description, which
+      could display stale information from cache after being updated. Reducing
+      cache_time means more database queries so if an impact is perceived
+      this value should be increased. If unspecified, the default value of
+      600 is used.
   role-cache-expiration:
     type: int
     default:
diff --git a/hooks/keystone_context.py b/hooks/keystone_context.py
index 00d2152e..f0fb6be9 100644
--- a/hooks/keystone_context.py
+++ b/hooks/keystone_context.py
@@ -216,6 +216,9 @@ class KeystoneContext(context.OSContextGenerator):
         ctxt['catalog_cache_expiration'] = config('catalog-cache-expiration')
         if config('role-cache-expiration') is not None:
             ctxt['role_cache_expiration'] = config('role-cache-expiration')
+        if config('identity-cache-expiration') is not None:
+            ctxt['identity_cache_expiration'] = config(
+                'identity-cache-expiration')
 
         ctxt['dogpile_cache_expiration'] = config('dogpile-cache-expiration')
 
diff --git a/templates/queens/keystone.conf b/templates/queens/keystone.conf
index d61501c3..1d828509 100644
--- a/templates/queens/keystone.conf
+++ b/templates/queens/keystone.conf
@@ -42,11 +42,6 @@ driver = sql
 cache_time = {{ catalog_cache_expiration }}
 driver = sql
 
-{% if role_cache_expiration is not None -%}
-[role]
-cache_time = {{ role_cache_expiration }}
-{% endif -%}
-
 [endpoint_filter]
 
 [token]
diff --git a/templates/rocky/keystone.conf b/templates/rocky/keystone.conf
index 1a716fd6..263f6f3d 100644
--- a/templates/rocky/keystone.conf
+++ b/templates/rocky/keystone.conf
@@ -20,6 +20,9 @@ connection_recycle_time = 200
 
 [identity]
 driver = {{ identity_backend }}
+{% if identity_cache_expiration -%}
+cache_time = {{ identity_cache_expiration }}
+{% endif -%}
 {% if default_domain_id -%}
 default_domain_id = {{ default_domain_id }}
 {% endif -%}
@@ -40,6 +43,11 @@ driver = sql
 cache_time = {{ catalog_cache_expiration }}
 driver = sql
 
+{% if role_cache_expiration -%}
+[role]
+cache_time = {{ role_cache_expiration }}
+{% endif -%}
+
 [endpoint_filter]
 
 [token]