Currently, there is no way of querying the tasks that don't have a candidate group, only all unassigned tasks in general (so including the ones with or without candidate group)
Thanks for your response. What would you suggest as workaround? I want to put an authorization layer on top of the task service to check if a user has the permission to execute a task or not. For all unauthenticated users I need to know whether a task is assigned to a candidate (access denied) or not (can be accessed without authentication).
Just for the records: I found a way to achieve this by providing a custom TaskSession (that decorates the default implementation) and filters all unwanted Tasks. The check for assigned candidates can be done by calling TaskEntity#getIdentityLinks().
