diff --git a/src/registrar/models/user.py b/src/registrar/models/user.py
index af9f3eb3b..b4f2c08ab 100644
--- a/src/registrar/models/user.py
+++ b/src/registrar/models/user.py
@@ -68,8 +68,11 @@ class User(AbstractUser):
 
     @classmethod
     def needs_identity_verification(cls, email, uuid):
+        """A method used by our oidc classes to test whether a user needs email/uuid verification
+        or the full identity PII verification"""
                 
-         # An existing user who is a domain manager of a domain (that is, they have an entry in UserDomainRole for their User)
+         # An existing user who is a domain manager of a domain (that is,
+         # they have an entry in UserDomainRole for their User)
         try:    
             existing_user = cls.objects.get(username=uuid)
             if existing_user and UserDomainRole.objects.filter(user=existing_user).exists():
@@ -77,11 +80,14 @@ class User(AbstractUser):
         except:
             pass
                 
-        # A new incoming user who is a domain manager for one of the domains that we inputted from Verisign (that is, their email address appears in the username field of a TransitionDomain) 
+        # A new incoming user who is a domain manager for one of the domains
+        # that we inputted from Verisign (that is, their email address appears
+        # in the username field of a TransitionDomain) 
         if TransitionDomain.objects.filter(username=email).exists():
             return False
             
-        # A new incoming user who is being invited to be a domain manager (that is, their email address is in DomainInvitation for an invitation that is not yet "retrieved").
+        # A new incoming user who is being invited to be a domain manager (that is,
+        # their email address is in DomainInvitation for an invitation that is not yet "retrieved").
         if DomainInvitation.objects.filter(email=email, status=DomainInvitation.INVITED):
             return False
                 
diff --git a/src/registrar/tests/test_models.py b/src/registrar/tests/test_models.py
index d397cb129..0add94ce6 100644
--- a/src/registrar/tests/test_models.py
+++ b/src/registrar/tests/test_models.py
@@ -606,18 +606,14 @@ class TestInvitations(TestCase):
 
 
 class TestUser(TestCase):
-    """For now, just test actions that
-    occur on user login."""
+    """Test actions that occur on user login,
+    test class method that controls how users get validated."""
 
     def setUp(self):
         self.email = "mayor@igorville.gov"
         self.domain_name = "igorvilleInTransition.gov"
-        self.user, _ = User.objects.get_or_create(email=self.email)
-
-        # clean out the roles each time
-        UserDomainRole.objects.all().delete()
-
-        TransitionDomain.objects.get_or_create(username="mayor@igorville.gov", domain_name=self.domain_name)
+        self.domain, _ = Domain.objects.get_or_create(name="igorville.gov")
+        self.user, _ = User.objects.get_or_create(email=self.email)        
 
     def tearDown(self):
         super().tearDown()
@@ -626,6 +622,8 @@ class TestUser(TestCase):
         DomainInformation.objects.all().delete()
         TransitionDomain.objects.all().delete()
         User.objects.all().delete()
+        UserDomainRole.objects.all().delete()
+        TransitionDomain.objects.get_or_create(username="mayor@igorville.gov", domain_name=self.domain_name)
 
     def test_check_transition_domains_without_domains_on_login(self):
         """A user's on_each_login callback does not check transition domains.
@@ -634,3 +632,26 @@ class TestUser(TestCase):
         are created."""
         self.user.on_each_login()
         self.assertFalse(Domain.objects.filter(name=self.domain_name).exists())
+        
+    def test_identity_verification_with_domain_manager(self):
+        """A domain manager should return False when tested with class
+        method needs_identity_verification"""
+        UserDomainRole.objects.get_or_create(user=self.user, domain=self.domain, role=UserDomainRole.Roles.MANAGER)
+        self.assertFalse(User.needs_identity_verification(self.user.email, self.user.username))
+        
+    def test_identity_verification_with_transition_user(self):
+        """A user from the Verisign transition should return False
+        when tested with class method needs_identity_verification"""
+        TransitionDomain.objects.get_or_create(username=self.user.email, domain_name=self.domain_name)
+        self.assertFalse(User.needs_identity_verification(self.user.email, self.user.username))
+        
+    def test_identity_verification_with_invited_user(self):
+        """An invited user should return False when tested with class
+        method needs_identity_verification"""
+        DomainInvitation.objects.get_or_create(email=self.user.email, domain=self.domain)
+        self.assertFalse(User.needs_identity_verification(self.user.email, self.user.username))
+        
+    def test_identity_verification_with_new_user(self):
+        """A new user who's neither transitioned nor invited should
+        return True when tested with class method needs_identity_verification"""
+        self.assertTrue(User.needs_identity_verification(self.user.email, self.user.username))