I now had two of my Users being locked out of their devices a day or so after turning on FileVault via Jamf. Nothing could get me back in. Has anyone had similar problems?
It sounds like your user accounts don't have a secure token. I would advise creating the user account in the setup up assistant before any other account to prevent this. This has the benefit of granting volume ownership and a bootstrap token.
Check out this flow chart.
How are you enabling FileVault? The issue is the users are not volume owners, but depending on how you are enabling FileVault this could be an easy fix in your process.