This is dual layers security right, ermm nope
the domain will be user log tied to the AD and so they device is authenticated by the organisation grating user access to their controlled rights and classes, correct !
This method you mention means that user are using others first log in, thus the requiring for dual layer securing ie in this case Excel file
Trouble is ................. IG will freak as the device is open at AN.Other user and no organisation will allow that, think carefully is my advice loads of lawful access issues here and GDPR is massive right now
Get the Excel file on a generic share safe store repository, and have each user log in and access the files normally then theres no other security required only users with rights to that repository can see/open the file. Save you loads of agro all arround