diff --git a/manifest.json b/manifest.json
index 98ee918..cfb74fe 100644
--- a/manifest.json
+++ b/manifest.json
@@ -14,7 +14,7 @@
         "email": "pierre@kayou.io"
     },
     "requirements": {
-        "yunohost": ">= 3.5"
+        "yunohost": ">= 3.8.1"
     },
     "multi_instance": true,
     "services": [
diff --git a/scripts/install b/scripts/install
index d1fe1ce..73e48b7 100755
--- a/scripts/install
+++ b/scripts/install
@@ -154,15 +154,16 @@ ynh_replace_string --match_string="isMediaPathModified = true" --replace_string=
 #=================================================
 # SETUP SSOWAT
 #=================================================
-ynh_script_progression --message="Configuring SSOwat..." --weight=1
+ynh_script_progression --message="Configuring permissions..." --weight=1
 
 # Make app public if necessary
 if [ $is_public -eq 1 ]
 then
-	# unprotected_uris allows SSO credentials to be passed anyway.
-	ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
-	# protect the admin panel
-	ynh_app_setting_set --app=$app --key=protected_uris --value="/admin"
+	# Everyone can access the app.
+	# The "main" permission is automatically created before the install script.
+	ynh_permission_update --permission="main" --add="visitors"
+	# Only the admin can access the admin panel of the app (if the app has an admin panel)
+	ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin
 fi
 
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index 23a587a..a0e9846 100755
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -49,6 +49,18 @@ if [ -z "$final_path" ]; then
 	ynh_app_setting_set --app=$app --key=final_path --value=$final_path
 fi
 
+# Cleaning legacy permissions
+if ynh_legacy_permissions_exists; then
+	ynh_legacy_permissions_delete_all
+
+	ynh_app_setting_delete --app=$app --key=is_public
+fi
+
+if ! ynh_permission_exists --permission="admin"; then
+	# Create the required permissions
+	ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin
+fi
+
 #=================================================
 # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
 #=================================================
@@ -142,20 +154,6 @@ ynh_replace_string --match_string="isMediaPathModified = true" --replace_string=
 # Set permissions on app files
 chown -R $app: $final_path
 
-#=================================================
-# SETUP SSOWAT
-#=================================================
-ynh_script_progression --message="Upgrading SSOwat configuration..." --weight=1
-
-# Make app public if necessary
-if [ $is_public -eq 1 ]
-then
-	# unprotected_uris allows SSO credentials to be passed anyway
-	ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
-	# protect the admin panel
-	ynh_app_setting_set --app=$app --key=protected_uris --value="/admin"
-fi
-
 #=================================================
 # RELOAD NGINX
 #=================================================