Posted on 12-19-2022 11:43 PM
We just rolled out Jamf Connect to a test environment and we're noticing a few things.
If you restart, you don't get the Jamf Connect login window. It wants a user to log in with their password. What is the workaround for this? Is there a way to force user logout after a restart or power outage?
Also, our FileVault settings are set to personal (individual), but Jamf is not recording the key. It says no key present. Any ideas?
I saw a post on Jamf Nation saying the only option is to disable FileVault on computers running Jamf Connect. Is this true?
Posted on 12-20-2022 02:32 AM
This would be expected behaviour if your Connect payload has the FDE setting enabled. The way it works: once the first FileVault-enabled user logs in, from then on the Connect window will not show and it will rely on FileVault authentication to proceed. This deployment mode would typically be what you would want for a one-to-one user deployment. I will mention that you can reset the Jamf Connect login window by running this: /usr/local/bin/authchanger -reset -jamfconnect
This diagram from Jamf explains the behaviour:
Reading between the lines, I am gathering that FV is not currently being turned on from a configuration profile? Using a separate config profile to turn on FileVault and escrow the key is the Jamf recommended deployment method.
You can certainly run FileVault with Connect, no problem, but you do need the correct setting combos for this to work best. For our environment we followed some best practice guidance from Jamf. As an example, this is the way we worked out what deployment methods we wanted/needed:
One-to-one deployment:
Local accounts need to be identified and added to the hidden users payload
Devices need to be unbound from AD*
FileVault setting needs a separate configuration profile
FDE setting needs to be enabled in payload – “Enabled FileVault for first user”
FV will enable on first reboot after user login
Shared deployment:
Local accounts need to be identified and added to the hidden users payload
Devices need to be unbound from AD*
FileVault needs to not be set
FDE setting needs to not be enabled in payload
Always require authentication should be on
User passthrough enabled
Allow local network authentication enabled
*Additional reading
Hope this helps.
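An added diagnostic script, not from this thread or from Jamf, that applies the explanation above: it classifies the output of fdesetup status, checks whether the console user is already FileVault-enabled, and reports whether the Jamf Connect login window should be expected on the next restart. It assumes macOS's fdesetup, authchanger and stat; the parsing functions are also exercised on constructed sample output below.

```shell
#!/bin/sh
# Added example (not Jamf's code). Live checks run only when fdesetup exists (macOS).

# classify_fv_status: read `fdesetup status` text on stdin and print one of
#   on | off | deferred | unknown
classify_fv_status() {
    status=$(cat)
    case "$status" in
        *"Deferred enablement appears to be active"*) echo deferred ;;
        *"FileVault is On"*)                          echo on ;;
        *"FileVault is Off"*)                         echo off ;;
        *)                                            echo unknown ;;
    esac
}

# user_is_fv_enabled USER: read `fdesetup list` output (user,GUID per line)
# on stdin; succeed only if USER is a FileVault-enabled account.
user_is_fv_enabled() {
    grep -q "^$1,"
}

# expect_connect_window FV_STATE USER_ENABLED(yes|no): per the thread, once a
# FileVault-enabled user exists, the pre-boot unlock logs that user straight in
# and the Connect window is skipped until authchanger is reset.
expect_connect_window() {
    if [ "$1" = on ] && [ "$2" = yes ]; then
        echo "no (FileVault pre-boot unlock logs the user in; run" \
             "/usr/local/bin/authchanger -reset -jamfconnect to restore it)"
    else
        echo "yes"
    fi
}

# Live report; constructed sample output is used in the tests instead.
if command -v fdesetup >/dev/null 2>&1; then
    console_user=$(stat -f %Su /dev/console)
    state=$(fdesetup status | classify_fv_status)
    if fdesetup list 2>/dev/null | user_is_fv_enabled "$console_user"; then
        enabled=yes
    else
        enabled=no
    fi
    echo "FileVault state: $state"
    echo "Console user $console_user FileVault-enabled: $enabled"
    echo "Personal recovery key present: $(fdesetup haspersonalrecoverykey)"
    echo "Connect window on next restart: $(expect_connect_window "$state" "$enabled")"
fi
```

fdesetup list and haspersonalrecoverykey need root, so run the live section with sudo; a missing personal recovery key points at the escrow profile rather than at Jamf Connect.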
Posted on 12-20-2022 07:24 AM
For escrowing the PRK to Jamf, do you have a configuration profile set up to escrow the key? How are you enabling FileVault (via a config profile, a policy, or some other way)?