diff --git a/sdk/identity/identity/test/internal/node/workloadIdentityCredentialIdentityBinding.spec.ts b/sdk/identity/identity/test/internal/node/workloadIdentityCredentialIdentityBinding.spec.ts
index 1ba2c16e7bbd..4a4feee7d2ed 100644
--- a/sdk/identity/identity/test/internal/node/workloadIdentityCredentialIdentityBinding.spec.ts
+++ b/sdk/identity/identity/test/internal/node/workloadIdentityCredentialIdentityBinding.spec.ts
@@ -37,6 +37,22 @@ describe("WorkloadIdentityCredential - Identity Binding Configuration", function
   });
 
   describe("Certificate Validation & Processing", function () {
+    let tempDir: string | undefined;
+    let tempCaFile: string | undefined;
+
+    afterEach(async function () {
+      if (tempDir) {
+        try {
+          await fs.rm(tempDir, { recursive: true, force: true });
+        } catch (error) {
+          // Ignore cleanup errors to prevent test suite failures
+        } finally {
+          tempDir = undefined;
+          tempCaFile = undefined;
+        }
+      }
+    });
+
     it("should throw error for invalid CA certificate data", async function () {
       vi.stubEnv("AZURE_KUBERNETES_TOKEN_PROXY", "https://test-proxy.example.com");
       vi.stubEnv("AZURE_KUBERNETES_CA_DATA", "invalid-certificate-data");
@@ -52,8 +68,8 @@ describe("WorkloadIdentityCredential - Identity Binding Configuration", function
     });
     it("should validate CA file changes and cache invalidation", async function () {
       const invalidCaContent = "invalid-certificate-data";
-      const tempDir = await fs.mkdtemp(path.join(os.tmpdir(), "cert-test-"));
-      const tempCaFile = path.join(tempDir, "ca.pem");
+      tempDir = await fs.mkdtemp(path.join(os.tmpdir(), "cert-test-"));
+      tempCaFile = path.join(tempDir, "ca.pem");
       // Copy valid certificate initially
       await fs.copyFile(TEST_CERT_PATH, tempCaFile);
 
@@ -100,13 +116,11 @@ describe("WorkloadIdentityCredential - Identity Binding Configuration", function
 
       // Should be a new object reference since cache was invalidated
       assert.equal(tlsSettings3.ca, getTestCertificateContent());
-      await fs.unlink(tempCaFile);
-      await fs.rmdir(tempDir);
     });
 
     it("should handle empty CA file during rotation", async function () {
-      const tempDir = await fs.mkdtemp(path.join(os.tmpdir(), "cert-test-"));
-      const tempCaFile = path.join(tempDir, "ca.pem");
+      tempDir = await fs.mkdtemp(path.join(os.tmpdir(), "cert-test-"));
+      tempCaFile = path.join(tempDir, "ca.pem");
 
       await fs.copyFile(TEST_CERT_PATH, tempCaFile);
 
@@ -143,9 +157,6 @@ describe("WorkloadIdentityCredential - Identity Binding Configuration", function
           enableAzureKubernetesTokenProxy: true,
         });
       }, /CA certificate file is empty/);
-
-      await fs.unlink(tempCaFile);
-      await fs.rmdir(tempDir);
     });
   });