Yes, they are. Here is the documentation for creating the new database credential in IAM.
OCI IAM does not support older verifiers. OCI IAM supports only the 12c database password verifier. For releases older than 12c, patch older clients to use 12c passwords.
When using IAM tokens to access the password, you use the same credentials to sign in to OCI. But you will need to set a separate password other than your OCI console password when using IAM database password authentication. Administrators can configure OCI console passwords with different security requirements, such as MFA, which wouldn't apply to existing database applications and tools that wouldn't support it.
Yes, for applications that use IAM database passwords. Many applications running 24/7/365 run multiple midtiers, each with database credentials to connect with the database. Since you need to change the password in IAM and each application instance, application downtime is required so all the passwords can be changed and an application connection doesn't fail. But with gradual password rollover, you simply add a second password to your IAM database credential store, and then both passwords will be usable. Then change your database credential in each application instance without having to take downtime. When all the passwords are updated, delete the old IAM database password.
The IAM database password uses the same password policy as the OCI console password when using IAM without the new identity domains.
There is a single lockout counter for both the OCI IAM console password and the user's IAM database password. Once it becomes locked due to excessive incorrect password entries (database and console), then the user account is locked and password and token access will be blocked until an IAM administrator unlocks it.
The Autonomous Database makes REST calls to IAM using the Autonomous Database resource principal.
Not at this time, but we expect to support federated Azure Active Directory users through IAM in the near future.
Not at this time. We are natively integrated with OCI IAM with the use of IAM principals (resource principal for the Autonomous Database).
Multi-factor authentication is not available when using IAM database passwords. But you can leverage OCI IAM policies for credential use when using IAM tokens to access the database.
Not at this time. This is only supported for Autonomous Database on shared Exadata infrastructure.
No. An IAM policy is not required when you're only using IAM database passwords to access the database. An IAM policy is required to access the database using IAM tokens.
No. You don't need to create IAM database passwords if you're only using IAM tokens to access the database.