diff --git a/internal/query/user.go b/internal/query/user.go
index 66c7abb228..28bc36fab4 100644
--- a/internal/query/user.go
+++ b/internal/query/user.go
@@ -1335,26 +1335,7 @@ func prepareUsersQuery() (sq.SelectBuilder, func(*sql.Rows) (*Users, error)) {
 				loginNames := database.TextArray[string]{}
 				preferredLoginName := sql.NullString{}
 
-				humanID := sql.NullString{}
-				firstName := sql.NullString{}
-				lastName := sql.NullString{}
-				nickName := sql.NullString{}
-				displayName := sql.NullString{}
-				preferredLanguage := sql.NullString{}
-				gender := sql.NullInt32{}
-				avatarKey := sql.NullString{}
-				email := sql.NullString{}
-				isEmailVerified := sql.NullBool{}
-				phone := sql.NullString{}
-				isPhoneVerified := sql.NullBool{}
-				passwordChangeRequired := sql.NullBool{}
-				passwordChanged := sql.NullTime{}
-
-				machineID := sql.NullString{}
-				name := sql.NullString{}
-				description := sql.NullString{}
-				encodedHash := sql.NullString{}
-				accessTokenType := sql.NullInt32{}
+				human, machine := sqlHuman{}, sqlMachine{}
 
 				err := rows.Scan(
 					&u.ID,
@@ -1367,25 +1348,28 @@ func prepareUsersQuery() (sq.SelectBuilder, func(*sql.Rows) (*Users, error)) {
 					&u.Username,
 					&loginNames,
 					&preferredLoginName,
-					&humanID,
-					&firstName,
-					&lastName,
-					&nickName,
-					&displayName,
-					&preferredLanguage,
-					&gender,
-					&avatarKey,
-					&email,
-					&isEmailVerified,
-					&phone,
-					&isPhoneVerified,
-					&passwordChangeRequired,
-					&passwordChanged,
-					&machineID,
-					&name,
-					&description,
-					&encodedHash,
-					&accessTokenType,
+
+					&human.humanID,
+					&human.firstName,
+					&human.lastName,
+					&human.nickName,
+					&human.displayName,
+					&human.preferredLanguage,
+					&human.gender,
+					&human.avatarKey,
+					&human.email,
+					&human.isEmailVerified,
+					&human.phone,
+					&human.isPhoneVerified,
+					&human.passwordChangeRequired,
+					&human.passwordChanged,
+
+					&machine.machineID,
+					&machine.name,
+					&machine.description,
+					&machine.encodedSecret,
+					&machine.accessTokenType,
+
 					&count,
 				)
 				if err != nil {
@@ -1397,28 +1381,28 @@ func prepareUsersQuery() (sq.SelectBuilder, func(*sql.Rows) (*Users, error)) {
 					u.PreferredLoginName = preferredLoginName.String
 				}
 
-				if humanID.Valid {
+				if human.humanID.Valid {
 					u.Human = &Human{
-						FirstName:              firstName.String,
-						LastName:               lastName.String,
-						NickName:               nickName.String,
-						DisplayName:            displayName.String,
-						AvatarKey:              avatarKey.String,
-						PreferredLanguage:      language.Make(preferredLanguage.String),
-						Gender:                 domain.Gender(gender.Int32),
-						Email:                  domain.EmailAddress(email.String),
-						IsEmailVerified:        isEmailVerified.Bool,
-						Phone:                  domain.PhoneNumber(phone.String),
-						IsPhoneVerified:        isPhoneVerified.Bool,
-						PasswordChangeRequired: passwordChangeRequired.Bool,
-						PasswordChanged:        passwordChanged.Time,
+						FirstName:              human.firstName.String,
+						LastName:               human.lastName.String,
+						NickName:               human.nickName.String,
+						DisplayName:            human.displayName.String,
+						AvatarKey:              human.avatarKey.String,
+						PreferredLanguage:      language.Make(human.preferredLanguage.String),
+						Gender:                 domain.Gender(human.gender.Int32),
+						Email:                  domain.EmailAddress(human.email.String),
+						IsEmailVerified:        human.isEmailVerified.Bool,
+						Phone:                  domain.PhoneNumber(human.phone.String),
+						IsPhoneVerified:        human.isPhoneVerified.Bool,
+						PasswordChangeRequired: human.passwordChangeRequired.Bool,
+						PasswordChanged:        human.passwordChanged.Time,
 					}
-				} else if machineID.Valid {
+				} else if machine.machineID.Valid {
 					u.Machine = &Machine{
-						Name:            name.String,
-						Description:     description.String,
-						EncodedSecret:   encodedHash.String,
-						AccessTokenType: domain.OIDCTokenType(accessTokenType.Int32),
+						Name:            machine.name.String,
+						Description:     machine.description.String,
+						EncodedSecret:   machine.encodedSecret.String,
+						AccessTokenType: domain.OIDCTokenType(machine.accessTokenType.Int32),
 					}
 				}
 
@@ -1437,3 +1421,29 @@ func prepareUsersQuery() (sq.SelectBuilder, func(*sql.Rows) (*Users, error)) {
 			}, nil
 		}
 }
+
+type sqlHuman struct {
+	humanID                sql.NullString
+	firstName              sql.NullString
+	lastName               sql.NullString
+	nickName               sql.NullString
+	displayName            sql.NullString
+	preferredLanguage      sql.NullString
+	gender                 sql.NullInt32
+	avatarKey              sql.NullString
+	email                  sql.NullString
+	isEmailVerified        sql.NullBool
+	phone                  sql.NullString
+	isPhoneVerified        sql.NullBool
+	passwordChangeRequired sql.NullBool
+	passwordChanged        sql.NullTime
+	mfaInitSkipped         sql.NullTime
+}
+
+type sqlMachine struct {
+	machineID       sql.NullString
+	name            sql.NullString
+	description     sql.NullString
+	encodedSecret   sql.NullString
+	accessTokenType sql.NullInt32
+}