Some Admins can access the SecureAuth0 realm, but some cannot.
The SecureAuth0 Web Admin console is configured to allow only the members of the "domain admins" group access.
Check the "Primary Group" setting on the "Member Of" tab. If the Primary Group is set to "Domain Admins", the "memberof" attribute of the user object cannot be read, and an invalid group message is received when authenticating.
On this specific user's AD account profile, the "Set Primary Group" field was selected as the "Admin" group.
Changing it to another group or not selecting any group solved the issue; the user was able to log in to SecureAuth0 via a browser.
Resource to read: