@jared_f @rguthrie Welcome to Meraki + macOS High Sierra, lol
It took me about a month to come up with a solution, however I am in office so I realize this may not work for your remote team. Long story short: you're going to want to read up on a new security feature called secureToken. Apple does support & provide MDM frameworks so that a vendor (like Meraki) can push user accounts to a Mac, however Meraki does not support this.
secureToken ensures that users are "known-good" and not maliciously created in an automated fashion, so they are able to access a FileVault encrypted disk. Past methods of creating a custom .pkg to create a user account will technically continue to work by creating the user account, but you will not be able to enable FileVault access for that account b/c it was created in an automated fashion outside of MDM.
This is my current workflow:
1. An admin (or the user) goes through the normal macOS Setup Assistant to create their user. macOS issues this account a secureToken so that it can enable FileVault encryption
2. Meraki pushes a profile that enables a login item, so that on future reboots a script is run to create an additional admin account
3. I install a custom .pkg app using Systems Manager that doesn't create a user account, it just places a script (that will later create the account) in the file location that matches the file path of the login item in the profile you previously pushed
4. Reboot the Mac
5. The script is launched due to the login item, and the admin can then interact with the script to create the user account using the sysadminctl command
Unfortunately, until Meraki supports the MDM creation of user accounts the only 3 methods of gaining a user account with a secureToken are:
1. creating an account from the normal macOS Setup Assistant
2. manually creating an account from System Preferences
3. an interactive script in which the admin must enter credentials using the sysadminctl command
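
A sketch of the interactive script from step 5 of the workflow above, as an added example that is not part of the original post or the poster's own script. The function names are hypothetical, and it assumes the `sysadminctl` on the Mac in use supports `-secureTokenStatus` and `-` as a password placeholder that triggers a prompt.

```shell
#!/bin/sh
# Added example (not from the post): interactive admin-account creation with sysadminctl.

# Conservative short-name check: starts with a-z or _, then a-z 0-9 _ -, max 31 chars.
valid_shortname() {
  case "$1" in
    ""|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
  esac
  [ "${#1}" -le 31 ]
}

# Succeeds if sysadminctl reports the secureToken as ENABLED for user $1.
# The status line is written to stderr, hence 2>&1.
has_secure_token() {
  sysadminctl -secureTokenStatus "$1" 2>&1 | grep -q "ENABLED"
}

# $1 = existing admin that holds a secureToken, $2 = new short name, $3 = full name.
# "-" in place of a password makes sysadminctl prompt for it, so neither
# password is stored in the script or passed on the command line.
create_admin() {
  sysadminctl -adminUser "$1" -adminPassword - \
              -addUser "$2" -fullName "$3" -password - -admin
}

main() {
  printf 'Existing admin (secureToken holder): '; read -r admin
  printf 'New admin short name: ';                read -r new
  printf 'New admin full name: ';                 read -r full
  if ! valid_shortname "$admin" || ! valid_shortname "$new"; then
    echo "invalid short name" >&2; return 1
  fi
  if ! has_secure_token "$admin"; then
    echo "$admin has no secureToken; aborting" >&2; return 1
  fi
  if id "$new" >/dev/null 2>&1; then echo "$new already exists" >&2; return 1; fi
  create_admin "$admin" "$new" "$full" || return 1
  # Verify the outcome instead of assuming it.
  if has_secure_token "$new"; then
    echo "$new created with a secureToken"
  else
    echo "$new created WITHOUT a secureToken" >&2; return 1
  fi
}

# Run only on a Mac with a terminal attached; otherwise just define the functions.
if [ -t 0 ] && command -v sysadminctl >/dev/null 2>&1; then main; fi
```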