diff --git a/policies/tenant-admins.policy.hcl b/policies/tenant-admins.policy.hcl
index 1b1a02c..09e6ad7 100644
--- a/policies/tenant-admins.policy.hcl
+++ b/policies/tenant-admins.policy.hcl
@@ -7,8 +7,8 @@ path "sys/mounts/{{identity.entity.metadata.prefix}}/*" {
 }
 
 path "auth/token/create" {
-  capabilities = ["create", "update", "delete"]
+  capabilities = ["create", "update", "sudo"]
   allowed_parameters = {
-    policies = ["${tenant_name}-admin"]
+    policies = [["${tenant_name}-admin"]]
   }
 }