How to enable a created standard user to FileVault2

Frank_Sonder
Contributor

Hi,

I want to use some laptops as multi-user machines so that new users can log in without anyone's help.

I'd like to create a dummy standard account that anyone will be able to log in with to enable the FV2 login screen and then enter their Okta credentials from JAMF Connect, so that they can log in to the machine with their new user account created.

I can create the user in JAMF Pro but the problem is that I cannot make it FileVault 2 enabled. Is there a script that can do that? From the GUI in JAMF Pro, the checkbox is limited to macOS 10.13 and below.


bwoods
Valued Contributor

This isn't possible unless the secure token is passed to each account. To pass the secure token you must know the passwords of both accounts.

OK, I know the password of the admin account created by the enrollment and of the standard one I'll be creating. I just want the standard account with the token enabled to show on the FV screen when I restart the computer, so that the new user can unlock FV and then log in to JAMF Connect. I want less interaction from the user. Is there a script that can do this, so I can push it through JAMF?

Thanks

bwoods
Valued Contributor

sudo -u $(ls -l /dev/console | awk '{print $3}') sysadminctl interactive -secureTokenOn "useraccounthere" -password 'userpasswordhere'

You can use sysadminctl from the account with the secure token, but you need to know the user's password.

2022-05-17 14:03:20.161 sysadminctl[1286:11187] sysadminctl should be run as root, or in interactive mode! (Error Domain=NSOSStatusErrorDomain Code=-60007 "errAuthorizationInteractionNotAllowed: The authorization was denied since no user interaction was possible. ")

 

I get this message.

I executed the script in Files and Processes > Execute Command.
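
An added example, not part of the thread and not Jamf's or Apple's own script: one way to grant the token from a policy that runs as root with no user present, which is the case the error above reports. It passes the token-holding admin's credentials with sysadminctl's -adminUser and -adminPassword options instead of the interactive keyword, then checks the result. The $4 to $7 parameter mapping and the function names are assumptions of this example.

```shell
#!/bin/bash
# Added example, not from the thread. Intended to run as root from a Jamf Pro policy.
# Assumed script parameters (this example's own mapping):
#   $4 token-holding admin   $5 its password
#   $6 standard user         $7 its password

# Return 0 if `sysadminctl -secureTokenStatus` output reports an enabled token.
token_enabled() {
    case "$1" in
        *"Secure token is ENABLED"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 if user $1 appears in `fdesetup list` output $2 ("name,UUID" per line).
in_fv_list() {
    printf '%s\n' "$2" | awk -F, -v u="$1" '$1 == u { found = 1 } END { exit !found }'
}

# sysadminctl writes its messages to stderr, so merge that into stdout.
token_status() {
    sysadminctl -secureTokenStatus "$1" 2>&1
}

main() {
    admin=$4; admin_pw=$5; user=$6; user_pw=$7
    if ! token_enabled "$(token_status "$admin")"; then
        echo "$admin holds no secure token and cannot grant one" >&2
        return 1
    fi
    if ! token_enabled "$(token_status "$user")"; then
        # Non-interactive form: no GUI prompt, so it works without a console user.
        # The passwords are visible in the process list while this command runs.
        sysadminctl -adminUser "$admin" -adminPassword "$admin_pw" \
            -secureTokenOn "$user" -password "$user_pw" 2>&1
    fi
    token_enabled "$(token_status "$user")" || { echo "grant failed" >&2; return 1; }
    in_fv_list "$user" "$(fdesetup list)" || { echo "$user not in FileVault list" >&2; return 1; }
    echo "$user can unlock FileVault"
}

# Act only when Jamf supplied parameter 4 onward.
if [ -n "${4:-}" ]; then main "$@"; fi
```

Both accounts' passwords reach the script as policy parameters, so restrict who can view the policy and rotate the shared account's password if it is exposed.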