diff --git a/internal/models/cleanup.go b/internal/models/cleanup.go
index ea669b79f..eddaf090f 100644
--- a/internal/models/cleanup.go
+++ b/internal/models/cleanup.go
@@ -31,6 +31,7 @@ func init() {
 tableSessions := Session{}.TableName()
 tableRelayStates := SAMLRelayState{}.TableName()
 tableFlowStates := FlowState{}.TableName()
+ tableMFAChallenges := Challenge{}.TableName()
 // These statements intentionally use SELECT ... FOR UPDATE SKIP LOCKED
 // as this makes sure that only rows that are not being used in another
@@ -45,6 +46,7 @@ func init() {
 fmt.Sprintf("delete from %q where id in (select id from %q where not_after < now() - interval '72 hours' limit 10 for update skip locked);", tableSessions, tableSessions),
 fmt.Sprintf("delete from %q where id in (select id from %q where created_at < now() - interval '24 hours' limit 100 for update skip locked);", tableRelayStates, tableRelayStates),
 fmt.Sprintf("delete from %q where id in (select id from %q where created_at < now() - interval '24 hours' limit 100 for update skip locked);", tableFlowStates, tableFlowStates),
+ fmt.Sprintf("delete from %q where id in (select id from %q where created_at < now() - interval '24 hours' limit 100 for update skip locked);", tableMFAChallenges, tableMFAChallenges),
 )
 var err error
diff --git a/migrations/20230523124323_add_mfa_challenge_cleanup_index.up.sql b/migrations/20230523124323_add_mfa_challenge_cleanup_index.up.sql
new file mode 100644
index 000000000..667d5020b
--- /dev/null
+++ b/migrations/20230523124323_add_mfa_challenge_cleanup_index.up.sql
@@ -0,0 +1,5 @@
+-- Index used to clean up mfa challenges
+
+create index if not exists
+ mfa_challenge_created_at_idx
+ on {{ index .Options "Namespace" }}.mfa_challenges (created_at desc);
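Review bot: The new `tableMFAChallenges` delete in the second hunk of cleanup.go hard-codes `interval '24 hours'` with no comment relating it to how long a challenge remains valid, so a reader cannot tell whether a row can still be live when it becomes eligible for deletion. If the challenge lifetime is configurable elsewhere (not visible in this diff), the cutoff should be documented as an upper bound on it, for example `// retention must exceed the maximum MFA challenge lifetime (<configured expiry>)`. These rows may also be the only per-attempt record of abandoned or failed MFA challenges, so it is worth confirming that the audit log keeps what incident response needs before they are purged. The enclosing `init()` begins and ends outside the hunk.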
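Review bot: The `create index if not exists` in the new migration builds the index without `concurrently`, which in PostgreSQL blocks writes to `mfa_challenges` for the duration of the build, so on a large table no MFA challenge can be issued while the migration runs. If the migration runner wraps each file in a transaction (not visible here), `concurrently` is not an option and the file should say so in a comment, such as `-- built non-concurrently: runs inside the migration transaction; expect a brief write lock`. The `desc` ordering is also not needed for the cleanup predicate `created_at < now() - interval '24 hours'`, because a b-tree index can be scanned in either direction; plain `(created_at)` would read more clearly.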