diff --git a/datamodels/2.x/itop-hub-connector/TokenValidation.php b/datamodels/2.x/itop-hub-connector/TokenValidation.php
new file mode 100644
index 000000000..6a30079cf
--- /dev/null
+++ b/datamodels/2.x/itop-hub-connector/TokenValidation.php
@@ -0,0 +1,19 @@
+<?php
+
+class TokenValidation
+{
+	// construct function
+	public function __construct()
+	{
+	}
+	public function isSetupTokenValid($sParamToken) : bool
+	{
+		if (!file_exists(APPROOT.'data/.setup')) {
+			return false;
+		}
+		$sSetupToken = trim(file_get_contents(APPROOT.'data/.setup'));
+		unlink(APPROOT.'data/.setup');
+		return $sParamToken === $sSetupToken;
+	}
+
+}
\ No newline at end of file
diff --git a/datamodels/2.x/itop-hub-connector/launch.php b/datamodels/2.x/itop-hub-connector/launch.php
index 0971248e6..08aa8d7ab 100644
--- a/datamodels/2.x/itop-hub-connector/launch.php
+++ b/datamodels/2.x/itop-hub-connector/launch.php
@@ -257,13 +257,15 @@ function MakeDataToPost($sTargetRoute)
 	return $aDataToPost;
 }
 
-try {
-	require_once(APPROOT.'/application/application.inc.php');
-	require_once(APPROOT.'/application/itopwebpage.class.inc.php');
-	require_once(APPROOT.'/setup/extensionsmap.class.inc.php');
-	require_once('hubconnectorpage.class.inc.php');
-
-	require_once(APPROOT.'/application/startup.inc.php');
+try
+{
+	require_once (APPROOT.'/application/application.inc.php');
+	require_once (APPROOT.'/application/itopwebpage.class.inc.php');
+	require_once (APPROOT.'/setup/extensionsmap.class.inc.php');
+	require_once ('hubconnectorpage.class.inc.php');
+	
+	require_once (APPROOT.'/application/startup.inc.php');
+    require_once('TokenValidation.php');
 
 	$sTargetRoute = utils::ReadParam('target', ''); // ||browse_extensions|deploy_extensions|
 
@@ -279,15 +281,24 @@ try {
 
 	switch ($sTargetRoute) {
 		case 'inform_after_setup':
-			// Hidden IFRAME at the end of the setup
-			require_once(APPROOT.'/application/ajaxwebpage.class.inc.php');
-			$oPage = new NiceWebPage('');
-			$aDataToPost = MakeDataToPost($sTargetRoute);
-			$oPage->add('<form id="hub_launch_form" action="'.$sHubUrlStateless.'" method="post">');
-			$oPage->add('<input type="hidden" name="json" value="'.htmlentities(json_encode($aDataToPost), ENT_QUOTES, 'UTF-8').'">');
-			$oPage->add_ready_script('$("#hub_launch_form").submit();');
-			break;
+		// Hidden IFRAME at the end of the setup
+		require_once (APPROOT.'/application/ajaxwebpage.class.inc.php');
 
+        $sParamToken = utils::ReadParam('setup_token');
+        $oTokenValidation = new TokenValidation();
+        $bIsTokenValid = $oTokenValidation->isSetupTokenValid($sParamToken);
+        if (UserRights::IsAdministrator() || $bIsTokenValid) {
+            $oPage = new NiceWebPage('');
+            $aDataToPost = MakeDataToPost($sTargetRoute);
+            $oPage->add('<form id="hub_launch_form" action="' . $sHubUrlStateless . '" method="post">');
+            $oPage->add('<input type="hidden" name="json" value="' . htmlentities(json_encode($aDataToPost), ENT_QUOTES, 'UTF-8') . '">');
+            $oPage->add_ready_script('$("#hub_launch_form").submit();');
+        } else {
+            IssueLog::Error('TokenValidation failed on inform_after_setup page');
+            throw new Exception("Not allowed");
+        }
+		break;
+		
 		default:
 			// All other cases, special "Hub like" web page
 			if ($sTargetRoute == 'view_dashboard') {
diff --git a/setup/wizardsteps.class.inc.php b/setup/wizardsteps.class.inc.php
index f5633c63b..68f997960 100644
--- a/setup/wizardsteps.class.inc.php
+++ b/setup/wizardsteps.class.inc.php
@@ -2616,6 +2616,11 @@ class WizStepDone extends WizardStep
 		$oProductionEnv->InitDataModel($oConfig, true);
 		$sIframeUrl = $oConfig->GetModuleSetting('itop-hub-connector', 'setup_url', '');
 
+        $sSetupTokenFile = APPROOT.'data/.setup';
+        $sSetupToken = bin2hex(random_bytes(12));
+        file_put_contents($sSetupTokenFile, $sSetupToken);
+        $sIframeUrl.= "&setup_token=$sSetupToken";
+
 		if ($sIframeUrl != '')
 		{
 			$oPage->add('<iframe id="fresh_content" frameborder="0" scrolling="auto" src="'.$sIframeUrl.'"></iframe>');
diff --git a/tests/php-unit-tests/unitary-tests/datamodels/2.x/itop-hub-connector/TokenValidationTest.php b/tests/php-unit-tests/unitary-tests/datamodels/2.x/itop-hub-connector/TokenValidationTest.php
new file mode 100644
index 000000000..8ae6da01e
--- /dev/null
+++ b/tests/php-unit-tests/unitary-tests/datamodels/2.x/itop-hub-connector/TokenValidationTest.php
@@ -0,0 +1,43 @@
+<?php
+declare(strict_types=1);
+
+namespace Combodo\iTop\Test\UnitTest\Module\LaunchTest;
+
+use Combodo\iTop\Test\UnitTest\ItopDataTestCase;
+use TokenValidation;
+
+class TokenValidationTest extends ItopDataTestCase
+{
+	/**
+	 * @param string $sSetupToken
+	 *
+	 * @return string
+	 */
+	public function createSetupTokenFile(string $sSetupToken): string
+	{
+		$sSetupTokenFile = APPROOT.'data/.setup';
+		file_put_contents($sSetupTokenFile, $sSetupToken);
+
+		return $sSetupTokenFile;
+	}protected function setUp(): void
+	{
+		parent::setUp();
+		$this->RequireOnceItopFile('datamodels/2.x/itop-hub-connector/TokenValidation.php');
+	}
+
+	public function testLaunch()
+	{
+		$oTokenValidation = new TokenValidation();
+
+		$sSetupToken = bin2hex(random_bytes(12));
+		$this->assertFalse($oTokenValidation->isSetupTokenValid('lol'));
+		$this->assertFalse($oTokenValidation->isSetupTokenValid(''));
+		$this->assertFalse($oTokenValidation->isSetupTokenValid($sSetupToken));
+		$this->createSetupTokenFile($sSetupToken);
+		$this->assertFalse($oTokenValidation->isSetupTokenValid('lol'));
+		$this->createSetupTokenFile($sSetupToken);
+		$this->assertFalse($oTokenValidation->isSetupTokenValid(''));
+		$this->createSetupTokenFile($sSetupToken);
+		$this->assertTrue($oTokenValidation->isSetupTokenValid($sSetupToken));
+	}
+}