With all the rapid developments in technology, 10 years can feel like a lifetime in tech. Back in 2015, our company had just started to take on large-scale projects when one of Europe’s largest postal companies approached us with a critical challenge: implementing an Identity Governance solution to streamline the transition from on-prem IAM (Identity and Access Management) to a unified cloud IAM solution, guaranteeing governance continuity during migration.
With tens of thousands of employees, contractors, and devices to manage, the client needed a solution that could enrich user accounts with business rules and ensure reliable, secure access.
Our software architect, Nelu, designed the first version of their internal identity governance system, introducing it as the Identity Directory Service (IDS). What began as a temporary solution soon evolved into a cornerstone of their operations, ultimately classified as mission-critical and quickly became the foundation for managing authorisations.
Nelu takes us through the early vision of the system: “PostNL adopted the strategy to use cloud applications. For the IAM governance there was no standard product available, therefore a bespoke solution was built to automate the management of users and roles based on policies. In less than 3 months, the solution was launched allowing PostNL to automate the cycle from HR contract to user profile, to manage access requests, and to provision the user and roles to all cloud applications in use.”
When the initial rollout was complete, Diana, the tech lead on our IDS team, took over. To put the journey into perspective, we invited Diana and Jaap, IAM Solution Consultant and Product Owner at PostNL, to revisit the project’s beginnings and explore how a decade of collaboration continues to shape its development.
“IDS started in 2014 to provision cloud applications with user accounts,” recalls Jaap. “At that time, there was no IAM solution on the market that met PostNL’s requirements.”
The answer for their challenge came in the form of the Identity Directory Service (IDS) - a tool designed as a temporary solution but destined to become much more. “IDS was intended as a temporary solution to accelerate the implementation of cloud provisioning, and a decision was made to build the tool in-house,” says Jaap. What began as a stopgap quickly grew into a central pillar of PostNL’s identity management.
For Diana, as Tech Lead, the challenge was designing solutions that would not only work in the moment but scale for a large, complex organization. “First, we collaborate closely with both internal stakeholders and external teams to thoroughly understand integration points, data flows, and potential dependencies,” she explains. “We also prioritize automation in deployment, monitoring, and scaling by using tools like Azure DevOps and built-in monitoring.”
Security and compliance were also built in from the start. Diana recalls, “Before this project, I viewed identity management primarily as a way to authenticate users and assign permissions. However, as I worked more deeply with RBAC (Role-Based Access Control) roles, I realized that designing effective roles is both intricate and crucial for maintaining robust security and supporting business operations.” She highlights the importance of least privilege and the business risks of misconfigured roles: “Identity management is not a one-time setup but a dynamic and strategic process that must continuously evolve.”
That evolution was shaped by countless technical decisions along the way. “We had to decide whether to integrate with existing systems provided by Azure infrastructure, or we should custom-build some lightweight versions of them internally so that we depend as little as possible on specific cloud infrastructures” (Diana, Technical Lead). Each choice reflected the balance between business requirements and technical feasibility.
But technology was only part of the story. Collaboration played an equally important role. Jaap emphasizes: “COERA supports PostNL in further developing IDS. In addition to their expertise, they have been involved in its development for many years, allowing us to learn and grow together.” Diana echoes this: “The working relationship with the client has been very positive and collaborative. The client is knowledgeable and clear about long term goals and understanding and helpful throughout the project.” That openness “created an environment where we could discuss issues transparently and find solutions quickly.”
As for what lies ahead, we agree there is plenty of work still to come. “On each iteration, we connect to different applications inside the organization and collect their permissions so that we can configure and manage them,” Diana says. And as next steps, “we’re brainstorming on the potential use case of AI within the platform use, so I am very eager to explore more of this subject.” – as Diana says.
Jaap is optimistic about the next stage of the partnership: “As the platform progresses, I expect our teams to continue building on the strong foundation we've already established - fostering open communication, mutual respect, and aligned objectives. I hope we’ll maintain a collaborative mindset, where we proactively share updates, tackle challenges together, and stay focused on delivering outcomes that matter.”
A decade after its first release, IDS is no longer a temporary solution but a mission-critical system - and, just as importantly, a testament to what long-term collaboration can achieve.
