When an account is marked as BLOCKED BRUTEFORCE I am still able to login to it from a different network. Does that mean BLOCKED BRUTEFORCE only means a specific IP is blocked from login in with that account? The label is misleading as the account is actually not blocked, if my understanding is correct. Please advise.
Welcome to the Auth0 Community!
Yes strictly speaking by default it is the IP that is blocked as opposed to the user account but if you enable Account Lockout then effectively the account will be blocked as any IP will be taken into account.
Please see https://auth0.com/docs/secure/attack-protection/brute-force-protection
Warm regards