diff --git a/scripts/_common.sh b/scripts/_common.sh
index 3ac2202..a6dd02b 100644
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -15,5 +15,3 @@ YNH_PHP_VERSION="7.3"
 #=================================================
 # FUTURE OFFICIAL HELPERS
 #=================================================
-
-
diff --git a/scripts/install b/scripts/install
index 441adc1..9e0cb73 100644
--- a/scripts/install
+++ b/scripts/install
@@ -200,11 +200,12 @@ ynh_add_fail2ban_config --logpath="$final_path/app/data/_data_/_default_/logs/fa
 #=================================================
 ynh_script_progression --message="Configuring SSOwat..."
 
-# Make app public if necessary
+# Make app public if necessary or protect it
 if [ $is_public -eq 1 ]
 then
-	# unprotected_uris allows SSO credentials to be passed anyway.
-	ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
+	# Everyone can access the app.
+	# The "main" permission is automatically created before the install script.
+	 	ynh_permission_update --permission "main" --add "visitors"
 fi
 
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index e6c193e..c4a7b62 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -173,18 +173,6 @@ ynh_script_progression --message="Reconfiguring Fail2ban..." --weight=9
 # Create a dedicated fail2ban config
 ynh_add_fail2ban_config --logpath="$final_path/app/data/_data_/_default_/logs/fail2ban/auth-fail.log" --failregex="Auth failed: ip=<HOST>.*$"
 
-#=================================================
-# SETUP SSOWAT
-#=================================================
-ynh_script_progression --message="Upgrading SSOwat configuration..."
-
-# Make app public if necessary
-if [ $is_public -eq 1 ]
-then
-	# unprotected_uris allows SSO credentials to be passed anyway
-	ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
-fi
-
 #=================================================
 # RELOAD NGINX
 #=================================================