Permission denied to enable okta auth method, what permission is needed?

I have a pipeline that deploys Vault configs via Terraform

It have this policy for my testing:

vault policy write terraform-gitlab -<<EOF
path "auth/*" {
  capabilities = ["create", "read", "update", "delete", "list"]
}

path "sys/auth/*" {
  capabilities = ["create", "update", "delete"]
}

path "sys/auth" {
  capabilities = ["read"]
}

path "sys/auth/auth/+/+" {
  capabilities = ["create", "update", "delete"]
}

path "sys/policies/acl" {
  capabilities = ["read"]
}

path "sys/policies/acl/*" {
  capabilities = ["create", "read", "update", "delete", "list"]
}

path "sys/mounts/*" {
  capabilities = ["create", "read", "update", "delete", "list"]
}

path "sys/mounts" {
  capabilities = ["read"]
}
EOF

Error I am running into:

 vault_okta_auth_backend.okta: Creating...
 Error: error writing to Vault: Error making API request.
 URL: POST <REMOVED>/v1/sys/auth/auth/okta/config
 Code: 403. Errors:
 * 1 error occurred:
 	* permission denied
   on dev/auth-methods/auth-methods.tf line 6, in resource "vault_okta_auth_backend" "okta":
    6: resource "vault_okta_auth_backend" "okta" {
 ERROR: Job failed: command terminated with exit code 1

My terraform code is:

resource "vault_okta_auth_backend" "okta" {
    description  = "Okta auth backend"
    organization = "oktaorg.com"
    token        = var.okta_token
    ttl = "1h"
    max_ttl = "12h"
    path = "auth/okta/config"

    group {
        group_name = "DevOps"
        policies   = ["h2_devops"]
    }
}

What am I missing from my policy?

sudo is what you are missing.