When IdentityIQ reads an account from a connected application, it will try to correlate it to an existing identity cube and if that fails, create a new identity cube. When an account is removed from the source, IdentityIQ will also remove the account from the cube if the option to detect deleted accounts has been enabled on the aggregation task. If all accounts are removed from an identity cube, it will leave an "empty shell".
Other reasons for an identity cube to become empty are:
These empty identity cubes most of the time do not serve any purpose and should be cleaned up. This is what the pruning feature in IdentityIQ is designed for.
Out of the box, IdentityIQ comes with a task called "Prune Identity Cubes".
This task has four configuration options.
First of all when the option Analyze but to not delete is enabled, it will not delete any identity. If that option is not enabled, it will process all identities, or those selected by the filter and evaluate whether or not to delete the identity cube. An Identity will not be deleted by the prune task if it:
I can write down above filter as links.application.id=="c0a800658d0e1d2b818d0e71595f0004"