diff --git a/manifest.json b/manifest.json
index ffe22c0..8b77a2b 100644
--- a/manifest.json
+++ b/manifest.json
@@ -9,13 +9,13 @@
     },
     "url": "http://flarum.org/",
     "license": "MIT",
-    "version": "0.1.0-beta.12~ynh1",
+    "version": "0.1.0-beta.12~ynh2",
     "maintainer": {
         "name": "tituspijean",
         "email": "tituspijean@outlook.com"
     },
     "requirements": {
-        "yunohost": ">= 3.5.0"
+        "yunohost": ">= 3.7"
     },
     "multi_instance": true,
     "services": [
diff --git a/scripts/install b/scripts/install
index ff0fc21..363c3ce 100644
--- a/scripts/install
+++ b/scripts/install
@@ -71,7 +71,6 @@ ynh_webpath_register $app $domain $path_url
 ynh_app_setting_set $app domain $domain
 ynh_app_setting_set $app path $path_url
 ynh_app_setting_set $app admin $admin
-ynh_app_setting_set $app is_public $is_public
 ynh_app_setting_set $app language $language
 ynh_app_setting_set $app final_path $final_path
 ynh_app_setting_set $app php_version $php_version
@@ -179,18 +178,16 @@ ynh_add_fpm_config $php_version
 ynh_use_logrotate
 
 #=================================================
-# SETUP SSOWAT
+# SETUP PERMISSIONS
 #=================================================
+ynh_script_progression --message="Configuring permissions..." --time --weight=1
 
-if [ $is_public -eq 0 ]
-then	# Remove the public access
-  ynh_app_setting_delete $app skipped_uris
-fi
 # Make app public if necessary
 if [ $is_public -eq 1 ]
 then
-  # unprotected_uris allows SSO credentials to be passed anyway.
-  ynh_app_setting_set $app unprotected_uris "/"
+	# Everyone can access the app.
+	# The "main" permission is automatically created before the install script.
+	ynh_permission_update --permission "main" --add "visitors"
 fi
 
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index 25d2717..0ac957f 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -24,7 +24,6 @@ app=$YNH_APP_INSTANCE_NAME
 domain=$(ynh_app_setting_get --app=$app --key=domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path)
 admin=$(ynh_app_setting_get --app=$app --key=admin)
-is_public=$(ynh_app_setting_get --app=$app --key=is_public)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 language=$(ynh_app_setting_get --app=$app --key=language)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
@@ -51,15 +50,6 @@ upgrade_type=$(ynh_check_app_version_changed)
 #=================================================
 ynh_script_progression --message="Ensuring downward compatibility..." --time --weight=1
 
-# Fix is_public as a boolean value
-if [ "$is_public" = "Yes" ]; then
-	ynh_app_setting_set --app=$app --key=is_public --value=1
-	is_public=1
-elif [ "$is_public" = "No" ]; then
-	ynh_app_setting_set --app=$app --key=is_public --value=0
-	is_public=0
-fi
-
 # If db_name doesn't exist, create it
 if [ -z "$db_name" ]; then
 	db_name=$(ynh_sanitize_dbid --db_name=$app)
@@ -72,6 +62,32 @@ if [ -z "$final_path" ]; then
 	ynh_app_setting_set --app=$app --key=final_path --value=$final_path
 fi
 
+# Cleaning legacy permissions
+is_public=$(ynh_app_setting_get --app=$app --key=is_public)
+skipped_uris=$(ynh_app_setting_get --app=$app --key=skipped_uris)
+unprotected_uris=$(ynh_app_setting_get --app=$app --key=unprotected_uris)
+protected_uris=$(ynh_app_setting_get --app=$app --key=protected_uris)
+
+# Remove is_public if exists
+if [ ! -z "$is_public" ]; then
+	ynh_app_setting_delete --app=$app --key=is_public
+fi
+
+# Remove skipped_uris if exists
+if [ ! -z "$skipped_uris" ]; then
+	ynh_app_setting_delete --app=$app --key=skipped_uris
+fi
+
+# Remove unprotected_uris if exists
+if [ ! -z "$unprotected_uris" ]; then
+	ynh_app_setting_delete --app=$app --key=unprotected_uris
+fi
+
+# Remove protected_uris if exists
+if [ ! -z "$protected_uris" ]; then
+	ynh_app_setting_delete --app=$app --key=protected_uris
+fi
+
 # If some settings are missing, assume older package version
 [ -z "$old_project_version" ] && old_project_version="0.1.0-beta.7"
 [ -z "$old_ssowat_version" ] && old_ssowat_version="0.6"
@@ -285,16 +301,10 @@ chown -R $app:www-data $final_path/storage
 chmod -R 0775 $final_path
 
 #=================================================
-# SETUP SSOWAT
+# SETUP PERMISSIONS
 #=================================================
-ynh_script_progression --message="Upgrading SSOwat configuration..." --time --weight=1
 
-# Make app public if necessary
-if [ $is_public -eq 1 ]
-then
-	# unprotected_uris allows SSO credentials to be passed anyway
-	ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
-fi
+#ynh_script_progression --message="Upgrading permissions configuration..." --time --weight=1
 
 #=================================================
 # RELOAD NGINX