diff --git a/manifest.json b/manifest.json
index 1873f27..ba1ad42 100644
--- a/manifest.json
+++ b/manifest.json
@@ -54,6 +54,11 @@
             {
                 "name": "password",
                 "type": "password"
+            },
+            {
+                "name": "is_public",
+                "type": "boolean",
+                "default": true
             }
         ]
     }
diff --git a/scripts/install b/scripts/install
index 1a76556..47f98a1 100644
--- a/scripts/install
+++ b/scripts/install
@@ -26,6 +26,7 @@ ynh_abort_if_errors
 domain=$YNH_APP_ARG_DOMAIN
 path_url=$YNH_APP_ARG_PATH
 admin=$YNH_APP_ARG_ADMIN
+is_public=$YNH_APP_ARG_IS_PUBLIC
 password=$YNH_APP_ARG_PASSWORD
 random=$(ynh_string_random --length=24)
 
@@ -133,6 +134,25 @@ ynh_permission_update --permission="main" --add="visitors"
 ynh_script_progression --message="Finalizing installation..." --weight=1
 ynh_local_curl "admin/install.php" "install=dummy"
 
+# Remove the public access
+ynh_permission_update --permission="main" --remove="visitors"
+
+#=================================================
+# SETUP SSOWAT
+#=================================================
+ynh_script_progression --message="Configuring permissions..." --time --weight=1
+
+# Make app public if necessary
+if [ $is_public -eq 1 ]
+then
+	# Everyone can access the app.
+	# The "main" permission is automatically created before the install script.
+	ynh_permission_update --permission="main" --add="visitors"
+fi
+
+# Only the admin can access the admin panel of the app (if the app has an admin panel)
+ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin
+
 #=================================================
 # RELOAD NGINX
 #=================================================