diff --git a/tools/run_tests/xds_k8s_test_driver/framework/test_app/server_app.py b/tools/run_tests/xds_k8s_test_driver/framework/test_app/server_app.py
index 234a9d0dcc0..bc2e092af93 100644
--- a/tools/run_tests/xds_k8s_test_driver/framework/test_app/server_app.py
+++ b/tools/run_tests/xds_k8s_test_driver/framework/test_app/server_app.py
@@ -182,7 +182,7 @@ class KubernetesServerRunner(base_runner.KubernetesBaseRunner):
                  reuse_namespace=False,
                  namespace_template=None,
                  debug_use_port_forwarding=False,
-                 enable_workload_identity=False):
+                 enable_workload_identity=True):
         super().__init__(k8s_namespace, namespace_template, reuse_namespace)
 
         # Settings
@@ -251,6 +251,9 @@ class KubernetesServerRunner(base_runner.KubernetesBaseRunner):
                 isinstance(maintenance_port, int)):
             raise TypeError('Port numbers must be integer')
 
+        if secure_mode and not self.enable_workload_identity:
+            raise ValueError('Secure mode requires Workload Identity enabled.')
+
         logger.info(
             'Deploying xDS test server "%s" to k8s namespace %s: test_port=%s '
             'maintenance_port=%s secure_mode=%s server_id=%s replica_count=%s',