diff --git a/conf/add_sso_conf.py b/conf/add_sso_conf.py
deleted file mode 100644
index 80c5503..0000000
--- a/conf/add_sso_conf.py
+++ /dev/null
@@ -1,12 +0,0 @@
-import json
-
-with open("/etc/ssowat/conf.json.persistent", "r", encoding='utf-8') as jsonFile:
-    data = json.load(jsonFile)
-    if "skipped_urls" in data:
-        data["skipped_urls"].append("/seafhttp")
-    else:
-        data["skipped_urls"] = ["/seafhttp"]
-    data["skipped_urls"].append("/seafdav")
-
-with open("/etc/ssowat/conf.json.persistent", "w", encoding='utf-8') as jsonFile:
-    jsonFile.write(json.dumps(data, indent=4, sort_keys=True))
diff --git a/conf/add_sso_conf_webdav.py b/conf/add_sso_conf_webdav.py
deleted file mode 100644
index 52cb4f8..0000000
--- a/conf/add_sso_conf_webdav.py
+++ /dev/null
@@ -1,8 +0,0 @@
-import json
-
-with open("/etc/ssowat/conf.json.persistent", "r", encoding='utf-8') as jsonFile:
-    data = json.load(jsonFile)
-    data["skipped_urls"].append("/seafdav")
-
-with open("/etc/ssowat/conf.json.persistent", "w", encoding='utf-8') as jsonFile:
-    jsonFile.write(json.dumps(data, indent=4, sort_keys=True))
\ No newline at end of file
diff --git a/conf/update_sso_conf.py b/conf/update_sso_conf.py
deleted file mode 100644
index 5264b50..0000000
--- a/conf/update_sso_conf.py
+++ /dev/null
@@ -1,14 +0,0 @@
-import json
-
-with open("/etc/ssowat/conf.json.persistent", "r", encoding='utf-8') as jsonFile:
-    data = json.load(jsonFile)
-    data["unprotected_urls"].remove("/seafhttp")
-    data["unprotected_urls"].remove("/seafdav")
-    if "skipped_urls" in data:
-        data["skipped_urls"].append("/seafhttp")
-    else:
-        data["skipped_urls"] = ["/seafhttp"]
-    data["skipped_urls"].append("/seafdav")
-
-with open("/etc/ssowat/conf.json.persistent", "w", encoding='utf-8') as jsonFile:
-    jsonFile.write(json.dumps(data, indent=4, sort_keys=True))
\ No newline at end of file
diff --git a/manifest.json b/manifest.json
index e4ce82a..8e6b246 100644
--- a/manifest.json
+++ b/manifest.json
@@ -23,7 +23,7 @@
         "mysql"
     ],
     "requirements": {
-        "yunohost": ">= 3.5.2.2"
+        "yunohost": ">= 3.7.0.6"
     },
     "arguments": {
         "install": [
diff --git a/scripts/install b/scripts/install
index c00c158..514d44d 100644
--- a/scripts/install
+++ b/scripts/install
@@ -136,6 +136,7 @@ echo '[LDAP]' | tee -a $final_path/conf/ccnet.conf
 echo 'HOST = ldap://localhost:389' | tee -a $final_path/conf/ccnet.conf
 echo 'BASE = ou=users,dc=yunohost,dc=org' | tee -a $final_path/conf/ccnet.conf
 echo 'LOGIN_ATTR = mail' | tee -a $final_path/conf/ccnet.conf
+echo 'FILTER = &(objectClass=posixAccount)(permission=cn='$app'.main,ou=permission,dc=yunohost,dc=org)' | tee -a $final_path/conf/ccnet.conf
 
 # Enable manually wiki
 echo 'ENABLE_WIKI = True' | tee -a $final_path/conf/seahub_settings.py
@@ -190,17 +191,14 @@ set_permission
 
 ynh_script_progression --message="Configuring permissions..."
 
-# Add sso config to unprotect domain.tld/seafhttp + domain.tld/seafdav do in /etc/ssowat/conf.json.persistent
-python3 ../conf/add_sso_conf.py || ynh_die --message="Your file /etc/ssowat/conf.json.persistent doesn't respect the json syntax. Please fix the syntax to install this app."
+# unprotect media, seafhttp, seafdav
+ynh_permission_create --permission "media" --url '/media' --allowed 'visitors'
+ynh_permission_create --permission "fileserver" --url "$domain/seafhttp" --allowed 'visitors'
+ynh_permission_create --permission "webdav" --url "$domain/seafdav" --allowed 'visitors'
 
-# unprotect media
-ynh_app_setting_set --app $app --key unprotected_uris --value "/media"
-
-if [ "$is_public" = "0" ]
+if [ "$is_public" == '1' ];
 then
-	ynh_app_setting_delete --app seafile --key unprotected_uris
-else
-	ynh_app_setting_set --app $app --key unprotected_uris --value "/"
+    ynh_permission_update --permission "main" --add "visitors"
 fi
 
 # Add logrotate
diff --git a/scripts/remove b/scripts/remove
index 296cc2c..04a928a 100644
--- a/scripts/remove
+++ b/scripts/remove
@@ -35,10 +35,6 @@ pkill -f seaf-server || true
 pkill -f ccnet-server || true
 pkill -f seahub || true
 
-# remove sso config to unprotect domain.tld/seafhttp in /etc/ssowat/conf.json.persistent
-ynh_script_progression --message="Cleaning SSO configuration..."
-python3 ../conf/remove_sso_conf.py
-
 ynh_script_progression --message="Removing logs..."
 ynh_secure_remove --file=/var/log/seafile
 ynh_script_progression --message="Removing code..."
diff --git a/scripts/restore b/scripts/restore
index cadfc30..cad561f 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -57,10 +57,6 @@ su -c "mysql -u ${app} -p$db_pwd seahubdb < ${YNH_CWD}/seahubdb.dmp"
 # GENERIC FINALIZATION
 #=================================================
 
-# Restore sso persistent config
-ynh_script_progression --message="Configuring permissions..."
-python3 ../settings/conf/add_sso_conf.py || ynh_die --message="Your file /etc/ssowat/conf.json.persistent doesn't respect the json syntax. Please fix the syntax to install this app."
-
 # Add logrotate
 ynh_script_progression --message="Configuring log rotation..."
 ynh_use_logrotate --logfile $final_path/logs
diff --git a/scripts/upgrade b/scripts/upgrade
index dea0f9e..6d38628 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -19,6 +19,7 @@ ynh_script_progression --message="Loading installation settings..."
 # Retrieve arguments
 domain=$(ynh_app_setting_get --app $app --key domain)
 path_url=$(ynh_normalize_url_path --path_url $(ynh_app_setting_get --app $app --key path))
+is_public=$(ynh_app_setting_get --app $app --key is_public)
 installed_version=$(ynh_app_setting_get --app $app --key installed_version)
 seahub_port=$(ynh_app_setting_get --app $app --key seahub_port)
 fileserver_port=$(ynh_app_setting_get --app $app --key fileserver_port)
@@ -215,6 +216,11 @@ then
     ynh_app_setting_set --app $app --key fileserver_port --value $fileserver_port
 fi
 
+# Add filter settings if needed
+if ! grep -q "FILTER" $final_path/conf/ccnet.conf; then
+    echo 'FILTER = &(objectClass=posixAccount)(permission=cn='$app'.main,ou=permission,dc=yunohost,dc=org)' | tee -a $final_path/conf/ccnet.conf
+fi
+
 #=================================================
 # STANDARD UPGRADE STEPS
 #=================================================
@@ -231,6 +237,20 @@ ynh_add_systemd_config --service seahub --template seahub.service
 # GENERIC FINALIZATION
 #=================================================
 
+# Set all permissions
+ynh_script_progression --message="Update permission..."
+if ! ynh_permission_exists --permission fileserver; then
+    ynh_app_setting_delete --app $app --key unprotected_uris
+    python3 ../conf/remove_sso_conf.py
+    ynh_permission_create --permission "media" --url '/media' --allowed 'visitors'
+    ynh_permission_create --permission "fileserver" --url "$domain/seafhttp" --allowed 'visitors'
+    ynh_permission_create --permission "webdav" --url "$domain/seafdav" --allowed 'visitors'
+fi
+if [ "$is_public" == '1' ];
+then
+    ynh_permission_update --permission "main" --add "visitors"
+fi
+
 # Set all permissions
 ynh_script_progression --message="Protecting directory..."
 set_permission