Depending on the type of deployment setup opted for by the organization, these credentials may either be the Domain Credentials (synced with the corporate IAM) or created locally in the ISA Management Console by the Admins. In some cases, the Admins might even allow users to set their own ISA passwords. In this case, users would receive an email through which they could set their own passwords, in addition to the regular 'welcome email'.
It is expected that the Admins convey this information to all users of the organization that would be making use of the ISA solution.
Users that are locally provisioned can change their passwords within the ISA portal once logged in.