Regardless of the nature of the identity, the attributes will change from time to time, either because the base attributes of the entity change (e.g., a new home address) or because roles and assignments change. Often, to support new business opportunities, the schema of the identity record may need to be changed to add new fields to or include entirely new systems.

We've seen that identities are often about things other than people. In these cases, it's possible that the entire entity referred to by the identity is changed. As an example, consider upgrading the departmental laser printer. The name and IP number for the printer may be the only attributes that remain the same. This same phenomenon occurs when people occupy positions with strong role-based identity (e.g., the on-call duty officer).

All of these actions result in changes to the identity that, after completion, must be repropagated to the affected systems.

Maintenance of identities is one of the most costly activities that an IT help desk deals with day to day. Users frequently lose or forget passwords to systems. They change roles or move. The more things users can do on their own, the more money the company can save in maintenance calls to the help desk. Password reset has become of one of the driving forces behind enterprise identity management systems for this very reason. Often, an identity management project can be justified on the basis of savings from building a self-service password system alone.