General advise on deploying the RACF Endpoint Connector can be found in the product documentation (Link Below), however there are some password restrictions attributed with z/OS that should be considered when deploying endpoints.
Are there any password considerations when on-boarding RACF endpoint users?
CA Identity Manager can only work within the constraints of the host system, in this case z/OS.
There are known restrictions on the IBM RACF password length (8 Characters) and this lead to a new password field introduced circa 1.9 called passphrase these are used for passwords that are greater that 8 bytes. These are maintained independently and the IM connector can utilize either field. However not all mainframe applications can support passphrase. Therefore password management within the RACF environment need careful management and consideration within these constraints.