diff --git a/manifest.json b/manifest.json
index 46f61bf..5424020 100644
--- a/manifest.json
+++ b/manifest.json
@@ -3,7 +3,7 @@
 "id": "garradin",
 "packaging_format": 1,
 "requirements": {
- "yunohost": ">=3.5.0"
+ "yunohost": ">=3.7.0"
 },
 "description": {
 "en": "Software to manage association",
diff --git a/scripts/_common.sh b/scripts/_common.sh
index 6248f06..3b3d4c5 100644
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -8,3 +8,38 @@ pkg_dependencies="php7.0-sqlite3" # ============= FUTURE YUNOHOST HELPER ============= + +# Check if a permission exists +# +# While waiting for this new helper https://github.com/YunoHost/yunohost/pull/905 +# We have to use another one because the new helper use a new YunoHost command, not available for now. +# +# usage: ynh_permission_has_user --permission=permission --user=user +# | arg: -p, --permission - the permission to check +# | arg: -u, --user - the user seek in the permission +# +# example: ynh_permission_has_user --permission=main --user=visitors +# +# Requires YunoHost version 3.7.1 or higher. +ynh_permission_has_user() { + local legacy_args=pu + # Declare an array to define the options of this helper. + declare -Ar args_array=( [p]=permission= [u]=user= ) + local permission + local user + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + if ! ynh_permission_exists --permission=$permission + then + return 1 + fi + + # List all permissions + # Filter only the required permission with a multiline sed (Here a cut from the permission to the next one), remove the url and his value + perm="$(yunohost user permission list --full --output-as plain | sed --quiet "/^#$app.$permission/,/^#[[:alnum:]]/p" | sed "/^##url/,+1d")" + # Remove all lines starting by # (got from the plain output before) + allowed_users="$(echo "$perm" | grep --invert-match '^#')" + # Grep the list of users an return the result if the user is indeed into the list + echo "$allowed_users" | grep --quiet --word "$user" + } \ No newline at end of file diff --git a/scripts/install b/scripts/install index 744f84c..2f74e58 100644 --- a/scripts/install +++ b/scripts/install @@ -23,7 +23,6 @@ ynh_abort_if_errors domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH is_public=$YNH_APP_ARG_IS_PUBLIC - app=$YNH_APP_INSTANCE_NAME #================================================= 
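Review bot: In `ynh_permission_has_user` (scripts/_common.sh) the sed range start `/^#$app.$permission/` is neither escaped nor end-anchored, so the `.` matches any character and a permission whose name only begins with `$permission` would also open the range. Since this helper decides whether `visitors` counts as allowed, the match should be exact: escape the dot (`\.`) and anchor the end of the key, assuming the plain output puts the key alone on its line, which is not visible here. The final `grep --quiet --word "$user"` treats `$user` as a regex and accepts a word match inside a longer entry; `grep --quiet --line-regexp --fixed-strings -- "$user"` is stricter if the output lists one user per line. `perm` and `allowed_users` are assigned without `local` and leak into every script that sources this file, so add `local perm allowed_users`, and quote `--permission="$permission"` in the `ynh_permission_exists` call.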
@@ -51,17 +50,13 @@ ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=is_public --value=$is_public + #================================================= # Install dependency to convert tracks to a readable format for the browser #================================================= ynh_script_progression --message="Installing dependencies..." --time --weight=1 -if [ "$(lsb_release --codename --short)" != "jessie" ] -then - ynh_install_app_dependencies $pkg_dependencies -else - ynh_die --message="Votre version de Debian n'est pas compatible..." --time --weight=1 -fi +ynh_install_app_dependencies $pkg_dependencies #================================================= # CREATE DEDICATED USER 
@@ -95,28 +90,29 @@ ynh_script_progression --message="Configuring php-fpm..." --time --weight=1 # Create a dedicated php-fpm config ynh_add_fpm_config +#================================================= +# Files owned by user app +#================================================= + +chown $app:$app $final_path -R +chmod 755 $final_path -R + +# Remove the public access +ynh_app_setting_delete --app=$app --key=skipped_uris #================================================= # SETUP SSOWAT #================================================= -ynh_script_progression --message="Configuring SSOwat..." --time --weight=1 +ynh_script_progression --message="Configuring permissions..." --time --weight=1 -if [ $is_public -eq 0 ] -then # Remove the public access - ynh_app_setting_delete $app skipped_uris -fi # Make app public if necessary if [ $is_public -eq 1 ] then - # unprotected_uris allows SSO credentials to be passed anyway. - ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" + # Everyone can access the app. + # The "main" permission is automatically created before the install script. + ynh_permission_update --permission "main" --add "visitors" fi - -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading nginx web server..." --time --weight=1 - -systemctl reload nginx +# Only the users can access to the panel of the app +# ynh_permission_update --permission="main" --add "all_users" #================================================= # MODIFY A CONFIG FILE 
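Review bot: The "Files owned by user app" block in scripts/install now runs before the "MODIFY A CONFIG FILE" step, and its old position after that step is removed in the following hunk. That step's body is outside this hunk, but anything it creates or rewrites under `$final_path` would keep the installing user's ownership and mode instead of `$app`'s. Keep the `chown`/`chmod` after the last write into `$final_path`, or repeat it there. Separately, `chmod 755 $final_path -R` makes every file executable and world-readable, including any data or configuration files under that path. `chmod -R u=rwX,go=rX "$final_path"` avoids the blanket execute bit, files holding secrets or application data deserve a tighter mode still, and both commands should quote `"$final_path"`.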
@@ -134,11 +130,11 @@ else fi #================================================= -# Files owned by user app +# RELOAD NGINX #================================================= +ynh_script_progression --message="Reloading nginx web server..." --time --weight=1 -chown $app:$app $final_path -R -chmod 755 $final_path -R +systemctl reload nginx #================================================= # END OF SCRIPT diff --git a/scripts/upgrade b/scripts/upgrade index eaeffbf..e8c4e31 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -18,7 +18,6 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) -is_public=$(ynh_app_setting_get --app=$app --key=is_public) final_path=$(ynh_app_setting_get --app=$app --key=final_path) || ynh_die "This path already contains a folder" #================================================= # CHECK VERSION 
@@ -37,21 +36,34 @@ upgrade_type=$(ynh_check_app_version_changed) #================================================= ynh_script_progression --message="Ensuring downward compatibility..." --time --weight=1 -# Fix is_public as a boolean value -if [ "$is_public" = "Yes" ]; then - ynh_app_setting_set --app=$app --key=is_public --value=1 - is_public=1 -elif [ "$is_public" = "No" ]; then - ynh_app_setting_set --app=$app --key=is_public --value=0 - is_public=0 -fi - # If final_path doesn't exist, create it if [ -z "$final_path" ]; then final_path=/var/www/$app ynh_app_setting_set --app=$app --key=final_path --value=$final_path fi +### If nobody installed your app before 3.7, +### then you may safely remove these lines + +# Cleaning legacy permissions +# is_public=$(ynh_app_setting_get --app=$app --key=is_public) + +if [ -n "$is_public" ]; then + # Remove unprotected_uris + ynh_app_setting_delete --app=$app --key=unprotected_uris + + #Removing skipped/unprotected_uris under certain conditions, remove the visitors group added during the migration process of 3.7 + #Remove skipped_uris. If the app was public, add visitors again to the main permission + if ynh_permission_has_user --permission=main --user=visitors + then + ynh_app_setting_delete --app=$app --key=skipped_uris + ynh_permission_update --permission "main" --add "visitors" + else + ynh_app_setting_delete --app=$app --key=skipped_uris + fi + ynh_app_setting_delete --app=$app --key=is_public +fi + #================================================= # Backup Data #================================================= 
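Review bot: The legacy cleanup guarded by `if [ -n "$is_public" ]` in scripts/upgrade cannot run as written, because the only assignment in this hunk, `# is_public=$(ynh_app_setting_get --app=$app --key=is_public)`, is commented out. The earlier assignment is deleted by this same commit in the `@@ -18,7 +18,6 @@` hunk, so `$is_public` is empty unless it happens to be inherited from the environment. The upgrade therefore leaves the legacy `unprotected_uris`, `skipped_uris` and `is_public` settings in place and skips the `visitors` re-grant, so an instance's effective exposure after upgrade is whatever the platform migration left behind rather than what this script intends. Uncomment the line so it reads `is_public=$(ynh_app_setting_get --app=$app --key=is_public)`. Keep the `ynh_permission_has_user` check ahead of the `skipped_uris` deletion, since the comment says that deletion is what drops the migrated `visitors` grant.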
@@ -82,18 +94,6 @@ ynh_clean_setup () { # Exit if an error occurs during the execution of the script ynh_abort_if_errors -# #================================================= -# # CHECK THE PATH -# #================================================= - -# Normalize the URL path syntax -# N.B. : this is for app installations before YunoHost 2.7 -# where this value might be something like /foo/ or foo/ -# instead of /foo .... -# If nobody installed your app before 2.7, then you may -# safely remove this line -path_url=$(ynh_normalize_url_path --path_url=$path_url) - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -181,13 +181,11 @@ chmod 755 $final_path -R #================================================= # SETUP SSOWAT #================================================= -ynh_script_progression --message="Upgrading SSOwat configuration..." --time --weight=1 +ynh_script_progression --message="Upgrading permissions configuration..." --time --weight=1 -# Make app public if necessary -if [ $is_public -eq 1 ] -then - # unprotected_uris allows SSO credentials to be passed anyway - ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" +# Create the visitors permission if needed +if ! ynh_permission_exists --permission "visitors"; then + ynh_permission_create --permission "visitors" fi #=================================================
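Review bot: In the `@@ -181,13 +181,11 @@` hunk of scripts/upgrade, `ynh_permission_create --permission "visitors"` creates an app permission named `visitors`. The install script instead treats `visitors` as a group granted on `main`, via `ynh_permission_update --permission "main" --add "visitors"`. As written, the upgrade adds a permission with no URL or allowed group attached and does not change who can reach the app, so the comment "Create the visitors permission if needed" looks like a mix-up of the two concepts. If public access after upgrade is meant to be settled by the legacy cleanup earlier in this script, drop this block. Otherwise replace the comment with one that says which URL the `visitors` permission protects and who is allowed on it.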