IAM users you are correct only allow a single 2fa key (their way of deprecating IAM users), but their SSO Users can have as many as they want and are honestly much better than IAM users. Even for my personal account I've moved to using an SSO User.
AWS documentation specifies that users are allowed upto eight MFA devices each:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credenti...
https://aws.amazon.com/blogs/security/you-can-now-assign-mul...
Apparently I haven't bothered with them for a few months and didn't notice, glad they finally added it.
Will have to try again. Presently have a user per key, named with the end of the keys ID so I know which to use, not brilliant but works.
IAM users you are correct only allow a single 2fa key (their way of deprecating IAM users), but their SSO Users can have as many as they want and are honestly much better than IAM users. Even for my personal account I've moved to using an SSO User.