diff --git a/scripts/install b/scripts/install
index 11d001d..c75e6ad 100755
--- a/scripts/install
+++ b/scripts/install
@@ -245,8 +245,9 @@ ynh_add_fail2ban_config --logpath="$final_path/php.log" --failregex="^.*auth\.ph
 # SETUP SSOWAT
 #=================================================
 ynh_script_progression --message="Configuring SSOwat..."
+ynh_permission_update --permission="main" --add="visitors"
 # As Zap is social network and have its own permission there is no need to keep Zap behind SSO
-ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
+
 
 #=================================================
 # RELOAD NGINX
diff --git a/scripts/upgrade b/scripts/upgrade
index 59b2638..af50054 100755
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -49,6 +49,16 @@ ynh_clean_setup () {
 # Exit if an error occurs during the execution of the script
 ynh_abort_if_errors
 
+#=================================================
+# Migrate legacy permissions to new system
+#=================================================
+if ynh_legacy_permissions_exists
+then
+	ynh_legacy_permissions_delete_all
+
+	ynh_app_setting_delete --app=$app --key=is_public
+fi
+
 
 #=================================================
 # STANDARD UPGRADE STEPS