You are misunderstanding how AWS Cross Account Roles work.
First you create an IAM role for cross-account access. Then you assign permission to the users to assume that role.
You do not need to have matching users in both accounts.
You do not hand out tokens to your users. Your AWS IAM users log in to their AWS account and then assume the role that you created to temporarily switch their user identity to the other account.
If you want to track what each user does, then create separate roles for each user. CloudTrail will then track everything. Enable CloudTrail in both accounts.
How to Enable Cross-Account Access to the AWS Management Console
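Added example, not part of the original answer: a sketch of how CloudTrail records from the two accounts can be joined to attribute an action taken under an assumed role back to the IAM user who assumed it. The account IDs, the per-user role names (`xacct-alice`, `xacct-bob`), the key IDs and the trimmed event records are constructed for illustration; the join key is the temporary `accessKeyId` that CloudTrail records in both the `AssumeRole` response and the later calls.

```python
SRC, DST = "111111111111", "222222222222"  # constructed account IDs

def assume(user, role, key):
    """Constructed AssumeRole record, trimmed to the fields used below."""
    return {"eventSource": "sts.amazonaws.com", "eventName": "AssumeRole",
            "userIdentity": {"type": "IAMUser",
                             "arn": f"arn:aws:iam::{SRC}:user/{user}"},
            "requestParameters": {"roleArn": f"arn:aws:iam::{DST}:role/{role}"},
            # A denied call carries no credentials: responseElements is null.
            "responseElements": {"credentials": {"accessKeyId": key}} if key else None}

def action(source, name, role, session, key):
    """Constructed record of an API call made with a role session's credentials."""
    return {"eventSource": source, "eventName": name,
            "userIdentity": {"type": "AssumedRole", "accessKeyId": key,
                             "arn": f"arn:aws:sts::{DST}:assumed-role/{role}/{session}"}}

SAMPLE_EVENTS = [
    assume("alice", "xacct-alice", "ASIAEXAMPLEALICE0001"),
    action("s3.amazonaws.com", "DeleteBucket", "xacct-alice", "alice", "ASIAEXAMPLEALICE0001"),
    assume("bob", "xacct-alice", None),  # denied: bob is not trusted by alice's role
    action("ec2.amazonaws.com", "StopInstances", "xacct-bob", "bob", "ASIAEXAMPLEUNKNOWN01"),
]

def attribute(events):
    """Map each role-session action to the IAM user whose AssumeRole call issued its key."""
    issued = {}
    for e in events:
        if (e["eventSource"], e["eventName"]) != ("sts.amazonaws.com", "AssumeRole"):
            continue
        creds = (e.get("responseElements") or {}).get("credentials") or {}
        if "accessKeyId" in creds:
            issued[creds["accessKeyId"]] = (e["userIdentity"]["arn"],
                                            e["requestParameters"]["roleArn"])
    results = []
    for e in events:
        ident = e["userIdentity"]
        if ident["type"] != "AssumedRole":
            continue
        # A session key with no matching AssumeRole record means a trail is missing.
        user, role = issued.get(ident.get("accessKeyId"), ("UNATTRIBUTED", ident["arn"]))
        results.append((user, role, e["eventSource"], e["eventName"]))
    return results

if __name__ == "__main__":
    for row in attribute(SAMPLE_EVENTS):
        print(row)
```

An `UNATTRIBUTED` row is the signal worth alerting on: it means the `AssumeRole` record for that session was not in the events collected.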