In my environment I have Azure Pack integrated with ADFS. I have reprovision one user account, removed all subscriptions and deleted user account from Azure Pack Management Portal, but when I tried to login with the same AD account again into Tenant portal, I got this error:
I logged in to Azure pack SQL instance via SQL Management Studio and located Microsoft.MgmtSvc.Store database, table mp.InvalidatedUserToken. First I looked for right ID via Select TOP 1000 and then ran DELETE query, in my case right ID was 20033. After IIS reset on Tenant Portal machine, user account was able to log in.
DELETE FROM [Microsoft.MgmtSvc.Store].[mp].[InvalidatedUserTokens]