1. Should I know the passwords for local accounts: Administrator Admin, FRS Admin, Internal Services, IPCM Admin? How are the credentials managed?
No you do not need these passwords you should have your own system admin password which is set at installation. If you have a pre 2016.x version then you may well know the Admin account password but all newer versions you will have created your own admin account when running the system configuration wizard.
2. When I search IsInternalAuth employee records 5 are returned and it shows at the top 6 total. Is there a hidden account (such as FRS Admin)?
The IsInternalAuth field is used to denote users whom have an internal authentication (username/password enabled). If you look in the database there is an account called FRS Admin that is not displayed in the UI. Not sure why you would need to contact support regarding that.
3. Both External Authentication login for SSO and LDAP are configured in our system but is there documentation explaining how this works?
Here the link to the help on these options: https://help.ivanti.com/ht/help/en_US/ISM/2017/Index.html#Configure/Security/Single Sign On.htm
1. The passwords are unique to each system setup? We are going through to want to make sure there are no security gaps.
2. I will check SQL - thanks.
3. Thank you.
Most roles (for ex, Application Analyst) can edit Employee records. So they can change passwords on local accounts and bring the system down correct?
Sorry missed your reply. You can make those fields read only to those users preventing them from editing them.
Yes I ended up hiding to all but Admin. Thanks.