How to define more than one MSPs under an org #fabricca #fabric


I have a requirement where different departments under one org have selective access to the different channel.

I have been following this article:

Now the recommended approach from this article says:

 Defining one MSP to represent each division: This would involve specifying for
 each division, a set of certificates for root CAs, intermediate CAs, and admin
 Certs, such that there is no overlapping certification path across MSPs. This
 would mean that, for example, a different intermediate CA per subdivision is 
 employed. Here the disadvantage is the management of more than one MSPs instead
 of one, but this circumvents the issue present in the previous approach. One
 could also define one MSP for each division by leveraging an OU extension of
 the MSP configuration.

Can you help, how can I define different MSPs for each division/department by leveraging the OU extension?