2018-Feb-17
The fdesetup utility can be used to manage which users are authorized to unlock FileVault encrypted boot volumes:
fdesetup add -usertoadd <username>
You will be prompted for the password of an existing FileVault-authorized user account, or the FileVault recovery key, and the password of the user account in question to be added.
Similarly, you can remove users from being authorized to unlock FileVault encrypted boot volumes as well:
fdesetup remove -user <username>