diff --git a/keyserver/src/cron/compare-users.js b/keyserver/src/cron/compare-users.js
new file mode 100644
--- /dev/null
+++ b/keyserver/src/cron/compare-users.js
@@ -0,0 +1,30 @@
+// @flow
+
+import { deleteCookies } from '../deleters/cookie-deleters.js';
+import { fetchNativeCookieIDsForUserIDs } from '../fetchers/cookie-fetchers.js';
+import { fetchAllUserIDs } from '../fetchers/user-fetchers.js';
+
+async function compareMySQLUsersToIdentityService(): Promise<void> {
+  // eslint-disable-next-line no-unused-vars
+  const allUserIDs = await fetchAllUserIDs();
+  // next we need to query identity service for two things:
+  // 1. users in identity that aren't here
+  // 2. users here that aren't in identity
+  const userMissingFromKeyserver = [];
+  const userMissingFromIdentity = [];
+  if (userMissingFromKeyserver.length > 0) {
+    console.warn(
+      "found users in identity service that aren't in MySQL! " +
+        JSON.stringify(userMissingFromKeyserver),
+    );
+  }
+  if (userMissingFromIdentity.length === 0) {
+    return;
+  }
+  const cookieIDs = await fetchNativeCookieIDsForUserIDs(
+    userMissingFromIdentity,
+  );
+  await deleteCookies(cookieIDs);
+}
+
+export { compareMySQLUsersToIdentityService };
diff --git a/keyserver/src/cron/cron.js b/keyserver/src/cron/cron.js
--- a/keyserver/src/cron/cron.js
+++ b/keyserver/src/cron/cron.js
@@ -4,6 +4,7 @@
 import schedule from 'node-schedule';
 
 import { backupDB } from './backups.js';
+import { compareMySQLUsersToIdentityService } from './compare-users.js';
 import { createDailyUpdatesThread } from './daily-updates.js';
 import { updateAndReloadGeoipDB } from './update-geoip-db.js';
 import { deleteOrphanedActivity } from '../deleters/activity-deleters.js';
@@ -90,4 +91,18 @@
       }
     },
   );
+  schedule.scheduleJob(
+    '0 5 * * *', // every day at 5:00 AM GMT
+    async () => {
+      try {
+        await compareMySQLUsersToIdentityService();
+      } catch (e) {
+        console.warn(
+          'encountered error while trying to compare users table with ' +
+            'identity service',
+          e,
+        );
+      }
+    },
+  );
 }
diff --git a/keyserver/src/deleters/cookie-deleters.js b/keyserver/src/deleters/cookie-deleters.js
--- a/keyserver/src/deleters/cookie-deleters.js
+++ b/keyserver/src/deleters/cookie-deleters.js
@@ -32,10 +32,15 @@
   await deleteCookiesByConditions([condition]);
 }
 
+async function deleteCookies(cookieIDs: $ReadOnlyArray<string>): Promise<void> {
+  const condition = SQL`c.id IN (${cookieIDs})`;
+  await deleteCookiesByConditions([condition]);
+}
+
 async function deleteExpiredCookies(): Promise<void> {
   const earliestInvalidLastUpdate = Date.now() - cookieLifetime;
   const condition = SQL`c.last_used <= ${earliestInvalidLastUpdate}`;
   await deleteCookiesByConditions([condition]);
 }
 
-export { deleteCookie, deleteExpiredCookies };
+export { deleteCookie, deleteCookies, deleteExpiredCookies };