Official Content
  • This documentation is valid for:

The GXflow API that handles roles and users is integrated to GeneXus Access Manager (GAM) in KBs that have Integrated security property enabled.

Every time you use any of the following methods of the GXFlow API, the GAM API  is called automatically to make the necessary changes in the GAM entities.


  • &WorkflowOrganizationalModel.AddUser(<params>)
  • &WorkflowOrganizationalModel.AddRole(<params>)
  • &WorkflowUser.AssignRole(&workflowRole)
  • &WorkflowUser.UnassignRole(&workflowRole)
  • &WorkflowUser.ChangePassword(&currentPassword, &newPassword)
  • &WorkflowUser.Block()
  • &WorkflowUser.UnBlock()
  • &WorkflowRole.AddUser()
  • &WorkflowRole.RemoveUser()


The following properties get the information as if a method of the GAM API were called.

  • &WorkflowUser.Name
  • &WorkflowUser.Email

Consider also that all the operations related to users and roles are now enabled in the GXFlow Management Console.

GeneXus Flow 15 - Managment console - Roles


As from GeneXus X Evolution 3 Upgrade 6


  • If a user is deleted using the GAM API, when this entity is updated using the GXFlow API, an error is thrown: Invalid User. So, the user has not synchronized again, and the message shown does not report the real error. In this case, the administrator should check the state of the user using the GAM backend.
  • When any change is done using the GAM backend, it is advised to synchronize all the changes globally to GXflow, using apwfsynchronizegamusers procedure.
    • As of GeneXus 15 Upgrade 4 is no longer necessary to use apwfsynchronizegamusers procedure due to the synchronization between GAM and GXflow is done automatically.
      Refer to SAC#41298 for more information.

See Also

WorkflowUser Data Type
WorkflowOrganizationalModel data type
WorkflowRole Data Type
GXflow - GAM Integration

Last update: November 2023 | © GeneXus. All rights reserved. GeneXus Powered by Globant