Here you go....
This will prompt the user for their password and enable secure token
Put the admin details in the relevant parameters in the Policy and add this script.
```sh
#!/bin/sh

# This script is intended to be used with JAMF Self Service. It will enable SecureToken for the currently logged in user account
# and either add it to the list of FileVault enabled users or enable FileVault using a Personal Recovery Key.
# Your policy must include script parameters for a SecureToken enabled administrator username and password. For more information
# on using script parameters, please see https://www.jamf.com/jamf-nation/articles/146/script-parameters.
#
# v1.2 - added debugging trace messages to confirm progress of script and confirm variables are being correctly passed - by Amos Deane - 13 Sep 2018
# v1.3 - corrected userName1

adminUser="$4"
adminPassword="$5"
userName1="$3"
userName2="$6"

# Uses AppleScript to prompt the currently logged in user for their account password.
userPassword1=$(/usr/bin/osascript <<EOT
tell application "System Events"
    activate
    display dialog "To Enable Filevault, Please enter your login password:" default answer "" buttons {"Continue"} default button 1 with hidden answer
    if button returned of result is "Continue" then
        set pwd to text returned of result
        return pwd
    end if
end tell
EOT)

separationLine() {
    echo "----------------------------------------------------------------------------------"
}

# Enables SecureToken for the currently logged in user account.
# Variables are quoted so passwords containing spaces are passed as a single argument.
enableSecureToken() {
    separationLine
    echo "Enables SecureToken for the currently logged in user account $userName1"
    sudo sysadminctl -adminUser "$adminUser" -adminPassword "$adminPassword" -secureTokenOn "$userName1" -password "$userPassword1"
}

# Creates a PLIST containing the necessary administrator and user credentials.
# The file is created with owner-only permissions because it holds plaintext passwords.
# Note: values are not XML-escaped, so passwords containing &, < or > would break the plist.
createPlist() {
    separationLine
    echo "Creating a PLIST containing the necessary administrator and user credentials"
    umask 077
    cat > /private/tmp/userToAdd.plist <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Username</key>
    <string>$adminUser</string>
    <key>Password</key>
    <string>$adminPassword</string>
    <key>AdditionalUsers</key>
    <array>
        <dict>
            <key>Username</key>
            <string>$userName1</string>
            <key>Password</key>
            <string>$userPassword1</string>
        </dict>
    </array>
</dict>
</plist>
EOF
}

# Adds the currently logged in user to the list of FileVault enabled users.
addUser() {
    separationLine
    echo "Adding the currently logged in user to the list of FileVault enabled users"
    sudo fdesetup add -i < /private/tmp/userToAdd.plist
}

# Enables FileVault using a Personal Recovery Key.
enableFileVault() {
    separationLine
    echo "Enabling FileVault using a Personal Recovery Key"
    sudo fdesetup enable -inputplist < /private/tmp/userToAdd.plist
}

# SecureToken enabled users are automatically added to the list of FileVault enabled users when FileVault is first enabled.
# Removes the specified user(s) from the list of FileVault enabled users.
removeUser() {
    separationLine
    echo "Removing the specified user(s) from the list of FileVault enabled users."
    sudo fdesetup remove -user "$adminUser"
    sudo fdesetup remove -user "$userName2"
}

# Update the preboot role volume's subject directory.
updatePreboot() {
    separationLine
    echo "Updating preboot"
    diskutil apfs updatePreboot /
}

# Deletes the PLIST containing the administrator and user credentials.
cleanUp() {
    separationLine
    echo "Cleaning up temp files"
    rm -f /private/tmp/userToAdd.plist
}

enableSecureToken
createPlist
if [ "$(sudo fdesetup status | head -n 1)" = "FileVault is On." ]; then
    separationLine
    echo "Filevault is on - adding to secure token"
    addUser
else
    separationLine
    echo "Filevault is off - enabling. Removing user"
    enableFileVault
    removeUser
fi
updatePreboot
cleanUp
```
Thanks @kerouak. It worked well for us.

Would you please share the code for us @Kavya?
@kerouak can you re-post your script with code tags ( triple backticks) around it (or, use the "terminal" icon above the editor, that looks like ">_")? It should make the code much easier to read and copy/paste for others needing the same functionality.
@chenhao2018,
We are using this script only to enable Secure Token.
To add the user to FileVault and enable FileVault we use the policy created on Jamf.
Here you go....
This will prompt the user for their password and enable secure token
Put the admin details in the relevant parameters in the Policy and add this script.
```sh
#!/bin/sh

adminUser="$4"
adminPassword="$5"
userName1="$3"
userName2="$6"

# Uses AppleScript to prompt the currently logged in user for their account password.
userPassword1=$(/usr/bin/osascript <<EOT
tell application "System Events"
    activate
    display dialog "To Enable Filevault, Please enter your login password:" default answer "" buttons {"Continue"} default button 1 with hidden answer
    if button returned of result is "Continue" then
        set pwd to text returned of result
        return pwd
    end if
end tell
EOT)

separationLine() {
    echo "----------------------------------------------------------------------------------"
}

# Enables SecureToken for the currently logged in user account.
# Variables are quoted so passwords containing spaces are passed as a single argument.
enableSecureToken() {
    separationLine
    echo "Enables SecureToken for the currently logged in user account $userName1"
    sudo sysadminctl -adminUser "$adminUser" -adminPassword "$adminPassword" -secureTokenOn "$userName1" -password "$userPassword1"
}

enableSecureToken
```
Hello,
This script does not validate whether the password entered for the logged-in user is correct.
It takes the wrong password and also changes the password for the account. Is there a way we can add validation of the password for the logged-in user?
Thanks,
Kavyashree
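One way to add the validation asked about above, as an added example and not code from the thread's script: check the typed password against the local directory with `dscl /Local/Default -authonly` (a real command that exits 0 only when the user name and password match) and re-prompt a few times before anything is passed to `sysadminctl`. The function names, the attempt limit and the `$#` guard are this example's own choices; Jamf's parameter positions ($3 user, $4/$5 admin credentials) follow the thread's script.

```sh
#!/bin/sh
# Added example, not the thread's script: verify the user's typed password before
# it is handed to sysadminctl. Hypothetical helper names; the only real command is
# `dscl /Local/Default -authonly`, which exits 0 only on a correct local password.

MAX_ATTEMPTS=3   # assumption: how many times the user may retry

# Returns 0 if the credentials are valid, 2 for empty input, non-zero otherwise.
# Empty input is rejected before dscl runs so a cancelled dialog is never "valid".
verifyLocalPassword() {
    user="$1"
    pass="$2"
    if [ -z "$user" ] || [ -z "$pass" ]; then
        return 2
    fi
    /usr/bin/dscl /Local/Default -authonly "$user" "$pass" >/dev/null 2>&1
}

# Shows a hidden-answer dialog (same AppleScript approach as the thread's script)
# and prints what the user typed.
promptForPassword() {
    /usr/bin/osascript <<EOT
tell application "System Events"
    activate
    display dialog "$1" default answer "" buttons {"Continue"} default button 1 with hidden answer
    return text returned of result
end tell
EOT
}

# Prompts up to MAX_ATTEMPTS times. Prints the verified password on stdout and
# returns 0, or returns 1 without printing anything if every attempt failed.
promptForVerifiedPassword() {
    user="$1"
    attempt=1
    while [ "$attempt" -le "$MAX_ATTEMPTS" ]; do
        if [ "$attempt" -eq 1 ]; then
            msg="To enable FileVault, please enter your login password:"
        else
            msg="That password was not correct. Please try again ($attempt of $MAX_ATTEMPTS):"
        fi
        # osascript fails if the dialog is dismissed; treat that as giving up.
        candidate=$(promptForPassword "$msg") || return 1
        if verifyLocalPassword "$user" "$candidate"; then
            printf '%s' "$candidate"
            return 0
        fi
        attempt=$((attempt + 1))
    done
    return 1
}

# Same parameter layout as the thread's script: $3 user, $4 admin, $5 admin password.
main() {
    userName1="$3"
    adminUser="$4"
    adminPassword="$5"
    userPassword1=$(promptForVerifiedPassword "$userName1") || {
        echo "Password for $userName1 could not be verified; SecureToken left unchanged."
        exit 1
    }
    sudo sysadminctl -adminUser "$adminUser" -adminPassword "$adminPassword" \
        -secureTokenOn "$userName1" -password "$userPassword1"
}

# Jamf always supplies at least $1..$5 (mount point, computer name and the
# policy parameters); with fewer arguments only the functions are defined.
if [ "$#" -ge 5 ]; then
    main "$@"
fi
```

`dscl -authonly` checks the local directory node, so for accounts that come from a bound directory the check would need to point at that node instead. Because the password is verified first, a wrong entry produces a re-prompt rather than a `sysadminctl` call with bad credentials.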