We unfortunately do not have a step by step guide, but I believe you are on the right track here
You could do it this way, or authorize the existing m2m client for another API.
Unfortunately, I am not aware of any way to to connect applications to organizations so to speak. Are you able to elaborate a bit more on the use case here? You could take advantage of application_metadata if you are just looking for a way to organize which clients/credentials belong to whom.