diff --git a/test/iam/platform-access-approval/chainsaw-test.yaml b/test/iam/platform-access-approval/chainsaw-test.yaml
new file mode 100644
index 00000000..6e539139
--- /dev/null
+++ b/test/iam/platform-access-approval/chainsaw-test.yaml
@@ -0,0 +1,43 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+  name: platform-access-approval
+spec:
+  description: |
+    Verify that a User's registrationApproval starts as Pending and becomes Approved
+    after creating a PlatformAccessApproval.
+  steps:
+  - name: approval-flow
+    description: Create a User, confirm Pending, then approve and expect Approved
+    try:
+    - apply:
+        file: resources/user-approval.yaml
+    - wait:
+        apiVersion: iam.miloapis.com/v1alpha1
+        kind: User
+        name: access-approval-test-user
+        timeout: 2m
+        for:
+          condition:
+            name: Ready
+            value: 'True'
+    - wait:
+        apiVersion: iam.miloapis.com/v1alpha1
+        kind: User
+        name: access-approval-test-user
+        timeout: 1m
+        for:
+          jsonPath:
+            path: '{.status.registrationApproval}'
+            value: Pending
+    - apply:
+        file: resources/approval.yaml
+    - wait:
+        apiVersion: iam.miloapis.com/v1alpha1
+        kind: User
+        name: access-approval-test-user
+        timeout: 2m
+        for:
+          jsonPath:
+            path: '{.status.registrationApproval}'
+            value: Approved
diff --git a/test/iam/platform-access-approval/resources/approval.yaml b/test/iam/platform-access-approval/resources/approval.yaml
new file mode 100644
index 00000000..0f70db78
--- /dev/null
+++ b/test/iam/platform-access-approval/resources/approval.yaml
@@ -0,0 +1,8 @@
+apiVersion: iam.miloapis.com/v1alpha1
+kind: PlatformAccessApproval
+metadata:
+  name: access-approval-for-test-user
+spec:
+  subjectRef:
+    userRef:
+      name: access-approval-test-user
diff --git a/test/iam/platform-access-approval/resources/user-approval.yaml b/test/iam/platform-access-approval/resources/user-approval.yaml
new file mode 100644
index 00000000..111237c7
--- /dev/null
+++ b/test/iam/platform-access-approval/resources/user-approval.yaml
@@ -0,0 +1,8 @@
+apiVersion: iam.miloapis.com/v1alpha1
+kind: User
+metadata:
+  name: access-approval-test-user
+spec:
+  email: approval.user@example.com
+  givenName: Approval
+  familyName: User
diff --git a/test/iam/platform-access-rejection/chainsaw-test.yaml b/test/iam/platform-access-rejection/chainsaw-test.yaml
new file mode 100644
index 00000000..0b0def1b
--- /dev/null
+++ b/test/iam/platform-access-rejection/chainsaw-test.yaml
@@ -0,0 +1,45 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+  name: platform-access-rejection
+spec:
+  description: |
+    Verify that a User's registrationApproval starts as Pending and becomes Rejected
+    after creating a PlatformAccessRejection.
+  steps:
+  - name: rejection-flow
+    description: Create a User, confirm Pending, then reject and expect Rejected
+    try:
+    - apply:
+        file: resources/user-rejection.yaml
+    - wait:
+        apiVersion: iam.miloapis.com/v1alpha1
+        kind: User
+        name: access-rejection-test-user
+        timeout: 2m
+        for:
+          condition:
+            name: Ready
+            value: 'True'
+    - wait:
+        apiVersion: iam.miloapis.com/v1alpha1
+        kind: User
+        name: access-rejection-test-user
+        timeout: 1m
+        for:
+          jsonPath:
+            path: '{.status.registrationApproval}'
+            value: Pending
+    - apply:
+        file: resources/rejection.yaml
+    - wait:
+        apiVersion: iam.miloapis.com/v1alpha1
+        kind: User
+        name: access-rejection-test-user
+        timeout: 2m
+        for:
+          jsonPath:
+            path: '{.status.registrationApproval}'
+            value: Rejected
+
+
diff --git a/test/iam/platform-access-rejection/resources/rejection.yaml b/test/iam/platform-access-rejection/resources/rejection.yaml
new file mode 100644
index 00000000..7aa40764
--- /dev/null
+++ b/test/iam/platform-access-rejection/resources/rejection.yaml
@@ -0,0 +1,8 @@
+apiVersion: iam.miloapis.com/v1alpha1
+kind: PlatformAccessRejection
+metadata:
+  name: access-rejection-for-test-user
+spec:
+  subjectRef:
+    name: access-rejection-test-user
+  reason: Not eligible for platform access
diff --git a/test/iam/platform-access-rejection/resources/user-rejection.yaml b/test/iam/platform-access-rejection/resources/user-rejection.yaml
new file mode 100644
index 00000000..5a1e34b1
--- /dev/null
+++ b/test/iam/platform-access-rejection/resources/user-rejection.yaml
@@ -0,0 +1,8 @@
+apiVersion: iam.miloapis.com/v1alpha1
+kind: User
+metadata:
+  name: access-rejection-test-user
+spec:
+  email: rejection.user@example.com
+  givenName: Rejection
+  familyName: User