diff --git a/conf/LDAP-Auth.xml b/conf/LDAP-Auth.xml
new file mode 100644
index 0000000..37a7a9e
--- /dev/null
+++ b/conf/LDAP-Auth.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0"?>
+<PluginConfiguration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+  <LdapServer>127.0.0.1</LdapServer>
+  <LdapBaseDn>ou=users,dc=yunohost,dc=org</LdapBaseDn>
+  <LdapPort>389</LdapPort>
+  <LdapSearchAttributes>uid, mail</LdapSearchAttributes>
+  <LdapUsernameAttribute>uid</LdapUsernameAttribute>
+  <LdapSearchFilter>(permission=cn=jellyfin.main,ou=permission,dc=yunohost,dc=org)</LdapSearchFilter>
+  <LdapAdminFilter>(permission=cn=jellyfin.admin,ou=permission,dc=yunohost,dc=org)</LdapAdminFilter>
+  <LdapBindUser>cn=admin,ou=users,dc=yunohost,dc=org</LdapBindUser>
+  <LdapBindPassword />
+  <CreateUsersFromLdap>true</CreateUsersFromLdap>
+  <UseSsl>true</UseSsl>
+  <UseStartTls>false</UseStartTls>
+  <SkipSslVerify>false</SkipSslVerify>
+</PluginConfiguration>
diff --git a/conf/ldap.src b/conf/ldap.src
new file mode 100644
index 0000000..c4cd353
--- /dev/null
+++ b/conf/ldap.src
@@ -0,0 +1,7 @@
+SOURCE_URL=https://repo.jellyfin.org/releases/plugin/ldap-authentication/ldap-authentication_9.0.0.0.zip
+SOURCE_SUM=1EAE1099E30CB3C42FDC2B0ACE50601A8881EBFD9151526F39C8E2B61D7B3EF1
+SOURCE_SUM_PRG=sha256sum
+SOURCE_FORMAT=zip
+SOURCE_IN_SUBDIR=false
+SOURCE_FILENAME=
+SOURCE_EXTRACT=true
diff --git a/manifest.json b/manifest.json
index 1292ae0..dd9c159 100644
--- a/manifest.json
+++ b/manifest.json
@@ -40,6 +40,15 @@
                 "example": "/jellyfin",
                 "default": "/jellyfin"
             },
+            {
+                "name": "admin",
+                "type": "user",
+                "ask": {
+                    "en": "Choose an admin user",
+                    "fr": "Choisissez l'administrateur"
+                },
+                "example": "johndoe"
+            },
             {
                 "name": "is_public",
                 "type": "boolean",
diff --git a/scripts/install b/scripts/install
index 82a5492..96d1be9 100644
--- a/scripts/install
+++ b/scripts/install
@@ -26,6 +26,7 @@ ynh_abort_if_errors
 
 domain=$YNH_APP_ARG_DOMAIN
 path_url=$YNH_APP_ARG_PATH
+admin=$YNH_APP_ARG_ADMIN
 is_public=$YNH_APP_ARG_IS_PUBLIC
 
 app=$YNH_APP_INSTANCE_NAME
@@ -89,6 +90,7 @@ ynh_system_user_create --username=$app
 #=================================================
 # MODIFY A CONFIG FILE
 #=================================================
+ynh_script_progression --message="Configuring the settings..." --weight=1
 
 # Load services once to generate system.xml
 systemctl enable jellyfin
@@ -102,6 +104,18 @@ ynh_replace_string --match_string="<HttpServerPortNumber>8096</HttpServerPortNum
 # BaseUrl config
 ynh_replace_string --match_string="<BaseUrl />" --replace_string="<BaseUrl>$path_url</BaseUrl>" --target_file="/etc/jellyfin/system.xml"
 
+# Disable Setup Wizard
+ynh_replace_string --match_string="<IsStartupWizardCompleted>false</IsStartupWizardCompleted>" --replace_string="<IsStartupWizardCompleted>true</IsStartupWizardCompleted>" --target_file="/etc/jellyfin/system.xml"
+
+#=================================================
+# INSTALL LDAP PLUGIN
+#=================================================
+ynh_script_progression --message="Installing LDAP plugin..." --weight=2
+
+ynh_setup_source --dest_dir="/var/lib/jellyfin/plugins/LDAP Authentication" --source_id=ldap
+mkdir -p /var/lib/jellyfin/plugins/configurations/
+cp ../conf/LDAP-Auth.xml /var/lib/jellyfin/plugins/configurations/LDAP-Auth.xml
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
@@ -138,16 +152,19 @@ ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --l
 #=================================================
 # SETUP SSOWAT
 #=================================================
-ynh_script_progression --message="Configuring SSOwat..." --weight=2
+ynh_script_progression --message="Configuring permissions..." --weight=1
 
-# Make app public if necessary or protect it
+# Make app public if necessary
 if [ $is_public -eq 1 ]
 then
 	# Everyone can access the app.
 	# The "main" permission is automatically created before the install script.
-	 ynh_permission_update --permission "main" --add "visitors"
+	ynh_permission_update --permission "main" --add "visitors"
 fi
 
+# Only the admin can access the admin panel of the app (if the app has an admin panel)
+ynh_permission_create --permission "admin" --allowed $admin
+
 #=================================================
 # RELOAD NGINX
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index 01d1fc4..86cebe0 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -17,6 +17,7 @@ ynh_script_progression --message="Loading installation settings..." --weight=1
 app=$YNH_APP_INSTANCE_NAME
 domain=$(ynh_app_setting_get --app=$app --key=domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path)
+admin=$(ynh_app_setting_get --app=$app --key=admin)
 is_public=$(ynh_app_setting_get --app=$app --key=is_public)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 port=$(ynh_app_setting_get --app=$app --key=port)
@@ -73,6 +74,19 @@ ynh_script_progression --message="Making sure dedicated system user exists..." -
 # Create a dedicated user (if not existing)
 ynh_system_user_create --username=$app
 
+#=================================================
+# INSTALL LDAP PLUGIN
+#=================================================
+
+# Install it only if the plugin directory does not exist
+if [ ! -e "/var/lib/jellyfin/plugins/LDAP Authentication" ]; then
+	ynh_script_progression --message="Installing LDAP plugin..." --weight=2
+
+	ynh_setup_source --dest_dir="/var/lib/jellyfin/plugins/LDAP Authentication" --source_id=ldap
+	mkdir -p /var/lib/jellyfin/plugins/configurations/
+	cp ../conf/LDAP-Auth.xml /var/lib/jellyfin/plugins/configurations/LDAP-Auth.xml
+fi
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
@@ -91,6 +105,16 @@ ynh_script_progression --message="Upgrading logrotate configuration..." --weight
 # Use logrotate to manage app-specific logfile(s)
 ynh_use_logrotate --non-append
 
+#=================================================
+# SETUP SSOWAT
+#=================================================
+ynh_script_progression --message="Upgrading permissions configuration..." --weight=1
+
+# Create the admin permission if needed
+if ! ynh_permission_exists --permission "admin"; then
+	ynh_permission_create --permission "admin" --allowed $admin
+fi
+
 #=================================================
 # INTEGRATE SERVICE IN YUNOHOST
 #=================================================