Put the admin accounts on the device BEFORE FileVault is enabled and they should get a FileVault token when FileVault is enabled. If timing is an issue, you may want to give more of a grace period than next login.
Have you had good luck with that script on all devices? I'm searching for a similar solution.
@SGamgee, https://github.com/NU-ITS/LAPSforMac - this one is working perfectly.
Regarding FV enabling for those users - had to move it to backlog at the moment.
Adding an update here:
Investigated laps solutions and here's my conclusion:
was last updated 6 years ago: https://github.com/NU-ITS/LAPSforMac
it sends a new password with a curl PUT -d via https
https://marketplace.jamf.com/details/easylaps - paid one
https://github.com/PezzaD84/macOSLAPS - the best one at first sight because it uses curl via https plus a crypt key and secret pair stored in Jamf. Unfortunately, the password itself can only be seen via a GUI application for macOS. Moreover, I'm not sure this solution works properly with Secure Token, bootstrap token, and volume ownership.
Our users are currently local admins with some restrictions via jamf policy (they could remove those restrictions manually as they are full root users, I guess).
nvm, seems like the best option for me is to have a backup fv-enabled local admin with a constant password.
I was looking for a way to create that user easily but didn't find a proper solution.
The best one I see is to execute the following from Jamf:
fdesetup add -usertoadd username
but the terminal requires the username and password to be typed manually after that. Do you guys know if there's a way to redirect the username and password to stdin (with a wait, I guess)?
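One way to avoid the interactive prompt is fdesetup's -inputplist option, which reads the authorizing FileVault user and the account to add from a property list on stdin. The script below is an added example, not code from this thread or from any of the LAPS projects mentioned; the FV_* environment variables and the sample account names and passwords are constructed placeholders.

```shell
#!/bin/sh
# Added example: feed credentials to `fdesetup add` through -inputplist instead
# of the interactive prompt. FV_* variable names and sample values are made up.

# Escape the five XML special characters so a password containing '&' or '<'
# does not break the property list.
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' \
                           -e 's/"/\&quot;/g' -e "s/'/\&apos;/g"
}

# Build the plist fdesetup expects on stdin: Username/Password is an existing
# FileVault-enabled (secure token) user who authorizes the change, and
# AdditionalUsers lists the account that should be enabled for FileVault.
build_fdesetup_plist() {
    auth_user=$(xml_escape "$1"); auth_pass=$(xml_escape "$2")
    new_user=$(xml_escape "$3");  new_pass=$(xml_escape "$4")
    cat <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Username</key><string>${auth_user}</string>
    <key>Password</key><string>${auth_pass}</string>
    <key>AdditionalUsers</key>
    <array>
        <dict>
            <key>Username</key><string>${new_user}</string>
            <key>Password</key><string>${new_pass}</string>
        </dict>
    </array>
</dict>
</plist>
EOF
}

# Pipe the plist into fdesetup so no password appears on the command line
# (and therefore not in process listings or Jamf policy logs).
add_fv_user() {
    build_fdesetup_plist "$1" "$2" "$3" "$4" \
        | fdesetup add -usertoadd "$3" -inputplist
}

# Stand-alone run: only call the real command on macOS, as root, with the
# constructed FV_* variables set; elsewhere just print the generated plist.
if [ "$(uname)" = "Darwin" ] && [ "$(id -u)" = "0" ] && [ -n "${FV_AUTH_USER:-}" ]; then
    add_fv_user "$FV_AUTH_USER" "$FV_AUTH_PASS" "$FV_NEW_USER" "$FV_NEW_PASS"
else
    build_fdesetup_plist "fvadmin" "S3cret&pass" "backupadmin" "Backup<Pass>"
fi
```

In a Jamf policy the credentials would come from script parameters or a secure source rather than hard-coded values; the authorizing account must already hold a Secure Token, which is the point raised earlier in the thread about ordering account creation before FileVault is enabled.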