In general, Identities are created to represent an organization’s personnel (as represented in the authoritative data source(s)) and each user's application accounts are associated to their Identity as the accounts are aggregated. In fact, the IdentityIQ data model requires that all accounts be tied to an Identity. When an account is aggregated into IdentityIQ from a non-authoritative source and cannot be correlated to an existing Identity in the system, IdentityIQ still needs to record the existence of the account and still needs an Identity to support the account, so it creates a new, uncorrelated Identity. (These uncorrelated accounts are often referred to as “orphaned” accounts since they lack an authoritative “parent” Identity.)
|Uncorrelated Account / Orphaned Account: an account from a non-authoritative system which cannot be correlated to an existing authoritative Identity
|Uncorrelated Identity: a non-authoritative Identity created solely to support an uncorrelated account until it can be correlated to an authoritative Identity
Organizations have several choices for addressing these uncorrelated accounts.
In all of these cases, once the accounts have been disassociated from the non-authoritative Identities, the uncorrelated Identities still exist in the system but no longer have any accounts associated to them and are therefore no longer needed. The Prune Identity Cubes task can be run to delete those Identities.