Have a read of this:
Use secure token, bootstrap token and volume ownership in deployments – Apple Support (UK)
Never used any of it myself

I've spent most of the past three days on that page. While it gives some options, it doesn't really give a clean solution, especially when the account that is receiving the Secure Token isn't an administrator. There are also no real secure options that can be automated without having to send a password through the script and/or policy.

If you know the passwords for the auto log in account maybe modify the scipt on here:
Re: SecureToken for Admin Accounts - Jamf Nation Community - 166011
It just uses the command apple state on the previous link

You could adjust your set up policies, run an auto login by the admin account first to give it the secure token, then log out and switch to your normal account for auto logging in.
Doesnt help devices already set up, but will help in the future.
You can leave breadcrumbs, to adjust smart group membership and when to pick up each of the auto login accounts. Dont forget to run a jamf recon each time you do a change to let the Jamf server know you have changed things.

Breadcrumbs info...
https://snelson.us/2023/12/breadcrumbs/

I had been considering this... after they fix the issue with auto-login accounts also not receiving the Secure Token. Currently, since 11.1.1, only the first account that is actively created on the computer itself will receive the Secure Token. I have a ticket in with Jamf about this and have been assigned an engineer to investigate.

You can either set the password of the account you want to receive the token, before the auto login occurs or...
flag the auto login account from receiving the first token as below;

sudo dscl . -append /Users/<user name> AuthenticationAuthority ";DisabledTags;SecureToken"

https://support.apple.com/en-gb/guide/deployment/dep24dbdcf9e/web