When configured for federal authentication, the Excel add-in only logs in to Clarizen once, and acquires an OAUTH token used from then on, unless the user explicitly logs out from the Excel add-in.
I assume 2FA will work on the first login if applicable (performed outside the office network). Once the token was acquired, communication will be done directly with Clarizen using the token (without explicitly logging in).
Another option you have is to allow API access so you can still login with Clarizen User name/password when using the Excel add-in.
Hope this helps,